* [PATCH] libxml2: 2.9.4 -> 2.9.5
@ 2017-09-05 6:35 Andrej Valek
2017-09-05 9:19 ` Burton, Ross
` (4 more replies)
0 siblings, 5 replies; 24+ messages in thread
From: Andrej Valek @ 2017-09-05 6:35 UTC (permalink / raw)
To: openembedded-core
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 90786 bytes --]
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
meta/recipes-core/libxml/libxml2/runtest.patch | 32 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} | 14 +-
13 files changed, 10 insertions(+), 1722 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} (85%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075d..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
- { "Error cases regression tests",
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
- 0 },
-+ { "Error cases regression tests (old 1.0)",
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+ XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
- { "Error cases stream regression tests",
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- break;
- default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa5770..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- const xmlChar **atts = ctxt->atts;
- int maxatts = ctxt->maxatts;
- int nratts, nbatts, nbdef;
-- int i, j, nbNs, attval, oldline, oldcol, inputNr;
-- const xmlChar *base;
-+ int i, j, nbNs, attval;
- unsigned long cur;
- int nsNr = ctxt->nsNr;
-
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- * The Shrinking is only possible once the full set of attribute
- * callbacks have been done.
- */
--reparse:
- SHRINK;
-- base = ctxt->input->base;
- cur = ctxt->input->cur - ctxt->input->base;
-- inputNr = ctxt->inputNr;
-- oldline = ctxt->input->line;
-- oldcol = ctxt->input->col;
- nbatts = 0;
- nratts = 0;
- nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
- */
- SKIP_BLANKS;
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-
- while (((RAW != '>') &&
- ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
-
- attname = xmlParseAttribute2(ctxt, prefix, localname,
- &aprefix, &attvalue, &len, &alloc);
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- attvalue = NULL;
-- goto base_changed;
-- }
-- if ((attname != NULL) && (attvalue != NULL)) {
-- if (len < 0) len = xmlStrlen(attvalue);
-- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (URL == NULL) {
-- xmlErrMemory(ctxt, "dictionary allocation failure");
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- return(NULL);
-- }
-- if (*URL != 0) {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns: '%s' is not a valid URI\n",
-- URL, NULL, NULL);
-- } else {
-- if (uri->scheme == NULL) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns: URI %s is not absolute\n",
-- URL, NULL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI cannot be the default namespace\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_default_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_default_ns;
-- }
-- }
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, NULL, attname);
-- else
-- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-- if (aprefix == ctxt->str_xmlns) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (attname == ctxt->str_xml) {
-- if (URL != ctxt->str_xml_ns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace prefix mapped to wrong URI\n",
-- NULL, NULL, NULL);
-- }
-- /*
-- * Do not keep a namespace definition node
-- */
-- goto skip_ns;
-- }
-+ if ((attname == NULL) || (attvalue == NULL))
-+ goto next_attr;
-+ if (len < 0) len = xmlStrlen(attvalue);
-+
-+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (URL == NULL) {
-+ xmlErrMemory(ctxt, "dictionary allocation failure");
-+ if ((attvalue != NULL) && (alloc != 0))
-+ xmlFree(attvalue);
-+ return(NULL);
-+ }
-+ if (*URL != 0) {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns: '%s' is not a valid URI\n",
-+ URL, NULL, NULL);
-+ } else {
-+ if (uri->scheme == NULL) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns: URI %s is not absolute\n",
-+ URL, NULL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI mapped to wrong prefix\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_ns;
-- }
-- if (attname == ctxt->str_xmlns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "redefinition of the xmlns prefix is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((URL == NULL) || (URL[0] == 0)) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xmlns:%s: Empty XML namespace is not allowed\n",
-- attname, NULL, NULL);
-- goto skip_ns;
-- } else {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns:%s: '%s' is not a valid URI\n",
-- attname, URL, NULL);
-- } else {
-- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns:%s: URI %s is not absolute\n",
-- attname, URL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- }
--
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, aprefix, attname);
-- else
-- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI cannot be the default namespace\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, NULL, attname);
-+ else
-+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+ } else if (aprefix == ctxt->str_xmlns) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (attname == ctxt->str_xml) {
-+ if (URL != ctxt->str_xml_ns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace prefix mapped to wrong URI\n",
-+ NULL, NULL, NULL);
-+ }
-+ /*
-+ * Do not keep a namespace definition node
-+ */
-+ goto next_attr;
-+ }
-+ if (URL == ctxt->str_xml_ns) {
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI mapped to wrong prefix\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if (attname == ctxt->str_xmlns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "redefinition of the xmlns prefix is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((URL == NULL) || (URL[0] == 0)) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xmlns:%s: Empty XML namespace is not allowed\n",
-+ attname, NULL, NULL);
-+ goto next_attr;
-+ } else {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns:%s: '%s' is not a valid URI\n",
-+ attname, URL, NULL);
-+ } else {
-+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns:%s: URI %s is not absolute\n",
-+ attname, URL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
-+ }
-
-- /*
-- * Add the pair to atts
-- */
-- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-- if (attvalue[len] == 0)
-- xmlFree(attvalue);
-- goto failed;
-- }
-- maxatts = ctxt->maxatts;
-- atts = ctxt->atts;
-- }
-- ctxt->attallocs[nratts++] = alloc;
-- atts[nbatts++] = attname;
-- atts[nbatts++] = aprefix;
-- atts[nbatts++] = NULL; /* the URI will be fetched later */
-- atts[nbatts++] = attvalue;
-- attvalue += len;
-- atts[nbatts++] = attvalue;
-- /*
-- * tag if some deallocation is needed
-- */
-- if (alloc != 0) attval = 1;
-- } else {
-- if ((attvalue != NULL) && (attvalue[len] == 0))
-- xmlFree(attvalue);
-- }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, aprefix, attname);
-+ else
-+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+ } else {
-+ /*
-+ * Add the pair to atts
-+ */
-+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+ goto next_attr;
-+ }
-+ maxatts = ctxt->maxatts;
-+ atts = ctxt->atts;
-+ }
-+ ctxt->attallocs[nratts++] = alloc;
-+ atts[nbatts++] = attname;
-+ atts[nbatts++] = aprefix;
-+ /*
-+ * The namespace URI field is used temporarily to point at the
-+ * base of the current input buffer for non-alloced attributes.
-+ * When the input buffer is reallocated, all the pointers become
-+ * invalid, but they can be reconstructed later.
-+ */
-+ if (alloc)
-+ atts[nbatts++] = NULL;
-+ else
-+ atts[nbatts++] = ctxt->input->base;
-+ atts[nbatts++] = attvalue;
-+ attvalue += len;
-+ atts[nbatts++] = attvalue;
-+ /*
-+ * tag if some deallocation is needed
-+ */
-+ if (alloc != 0) attval = 1;
-+ attvalue = NULL; /* moved into atts */
-+ }
-
--failed:
-+next_attr:
-+ if ((attvalue != NULL) && (alloc != 0)) {
-+ xmlFree(attvalue);
-+ attvalue = NULL;
-+ }
-
- GROW
- if (ctxt->instate == XML_PARSER_EOF)
- break;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- break;
- if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- break;
- }
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-+ }
-+
-+ /* Reconstruct attribute value pointers. */
-+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+ if (atts[i+2] != NULL) {
-+ /*
-+ * Arithmetic on dangling pointers is technically undefined
-+ * behavior, but well...
-+ */
-+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
-+ atts[i+3] += offset; /* value */
-+ atts[i+4] += offset; /* valuend */
-+ }
- }
-
- /*
-@@ -9804,34 +9780,6 @@ failed:
- }
-
- return(localname);
--
--base_changed:
-- /*
-- * the attribute strings are valid iif the base didn't changed
-- */
-- if (attval != 0) {
-- for (i = 3,j = 0; j < nratts;i += 5,j++)
-- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
-- xmlFree((xmlChar *) atts[i]);
-- }
--
-- /*
-- * We can't switch from one entity to another in the middle
-- * of a start tag
-- */
-- if (inputNr != ctxt->inputNr) {
-- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
-- "Start tag doesn't start and stop in the same entity\n");
-- return(NULL);
-- }
--
-- ctxt->input->cur = ctxt->input->base + cur;
-- ctxt->input->line = oldline;
-- ctxt->input->col = oldcol;
-- if (ctxt->wellFormed == 1) {
-- goto reparse;
-- }
-- return(NULL);
- }
-
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
- ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââm line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
- ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
-- ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+ ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857..e747808 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,13 +2,13 @@ Add 'install-ptest' rule.
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
@@ -21,28 +21,10 @@ diff -uNr a/Makefile.am b/Makefile.am
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
[ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
-- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ $(CHECKER) ./runtest$(EXEEXT) && \
-+ $(CHECKER) ./testrecurse$(EXEEXT) && \
-+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+ $(CHECKER) ./testchar$(EXEEXT) && \
-+ $(CHECKER) ./testdict$(EXEEXT) && \
-+ $(CHECKER) ./runxmlconf$(EXEEXT)
- @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- $(MAKE) tests ; fi)
-
-@@ -229,7 +243,7 @@
-
- APItests: testapi$(EXEEXT)
- @echo "## Running the API regression tests this may take a little while"
-- -@($(CHECKER) $(top_builddir)/testapi -q)
-+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
-
- HTMLtests : testHTML$(EXEEXT)
- @(echo > .memdump)
+
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.5.bb
similarity index 85%
rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
rename to meta/recipes-core/libxml/libxml2_2.9.5.bb
index 107539b..16391c3 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb
@@ -19,21 +19,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
- file://libxml2-fix_node_comparison.patch \
- file://libxml2-CVE-2016-5131.patch \
- file://libxml2-CVE-2016-4658.patch \
- file://libxml2-fix_NULL_pointer_derefs.patch \
- file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
- file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
- file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
- file://libxml2-CVE-2017-5969.patch \
- file://libxml2-CVE-2017-0663.patch \
- file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b"
+SRC_URI[libtar.sha256sum] = "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
--
2.1.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-05 6:35 [PATCH] libxml2: 2.9.4 -> 2.9.5 Andrej Valek
@ 2017-09-05 9:19 ` Burton, Ross
2017-09-05 17:28 ` Andrej Valek
2017-09-28 12:06 ` [PATCH v2] " Andrej Valek
` (3 subsequent siblings)
4 siblings, 1 reply; 24+ messages in thread
From: Burton, Ross @ 2017-09-05 9:19 UTC (permalink / raw)
To: Andrej Valek; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 293 bytes --]
On 5 September 2017 at 07:35, Andrej Valek <andrej.valek@siemens.com> wrote:
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
>
We're past freeze to the upgrade will have to wait until 2.4 releases. Does
this fix any outstanding CVEs that we should be cherry-picking?
Ross
[-- Attachment #2: Type: text/html, Size: 682 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-05 9:19 ` Burton, Ross
@ 2017-09-05 17:28 ` Andrej Valek
2017-09-05 18:52 ` Burton, Ross
0 siblings, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-09-05 17:28 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Hi Ross,
There are not any CVEs fixes which has not been already merged. There
are only general changes. Of course, we can "clean" a lot of patches by
accepting this.
Regards,
Andrej
On 09/05/2017 11:19 AM, Burton, Ross wrote:
> On 5 September 2017 at 07:35, Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>> wrote:
>
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
>
>
> We're past freeze to the upgrade will have to wait until 2.4 releases. Does this
> fix any outstanding CVEs that we should be cherry-picking?
>
> Ross
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-05 17:28 ` Andrej Valek
@ 2017-09-05 18:52 ` Burton, Ross
2017-09-06 6:16 ` Andrej Valek
0 siblings, 1 reply; 24+ messages in thread
From: Burton, Ross @ 2017-09-05 18:52 UTC (permalink / raw)
To: Andrej Valek; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 840 bytes --]
Also the patch has been corrupted by SMTP. Is it in a branch somewhere?
Ross
On 5 September 2017 at 18:28, Andrej Valek <andrej.valek@siemens.com> wrote:
> Hi Ross,
>
> There are not any CVEs fixes which has not been already merged. There
> are only general changes. Of course, we can "clean" a lot of patches by
> accepting this.
>
> Regards,
> Andrej
>
> On 09/05/2017 11:19 AM, Burton, Ross wrote:
> > On 5 September 2017 at 07:35, Andrej Valek <andrej.valek@siemens.com
> > <mailto:andrej.valek@siemens.com>> wrote:
> >
> > Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> > <mailto:andrej.valek@siemens.com>>
> >
> >
> > We're past freeze to the upgrade will have to wait until 2.4 releases.
> Does this
> > fix any outstanding CVEs that we should be cherry-picking?
> >
> > Ross
> >
>
[-- Attachment #2: Type: text/html, Size: 1565 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-05 18:52 ` Burton, Ross
@ 2017-09-06 6:16 ` Andrej Valek
2017-09-27 8:52 ` Andrej Valek
0 siblings, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-09-06 6:16 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
I have created a PR:
https://github.com/openembedded/openembedded-core/pull/23 as last time.
Andrej
On 09/05/2017 08:52 PM, Burton, Ross wrote:
> Also the patch has been corrupted by SMTP. Is it in a branch somewhere?
>
> Ross
>
> On 5 September 2017 at 18:28, Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>> wrote:
>
> Hi Ross,
>
> There are not any CVEs fixes which has not been already merged. There
> are only general changes. Of course, we can "clean" a lot of patches by
> accepting this.
>
> Regards,
> Andrej
>
> On 09/05/2017 11:19 AM, Burton, Ross wrote:
> > On 5 September 2017 at 07:35, Andrej Valek <andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>
> > <mailto:andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>>> wrote:
> >
> > Signed-off-by: Andrej Valek <andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>
> > <mailto:andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>>>
> >
> >
> > We're past freeze to the upgrade will have to wait until 2.4 releases.
> Does this
> > fix any outstanding CVEs that we should be cherry-picking?
> >
> > Ross
> >
>
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-06 6:16 ` Andrej Valek
@ 2017-09-27 8:52 ` Andrej Valek
2017-09-27 15:35 ` Burton, Ross
0 siblings, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-09-27 8:52 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Hi Ross,
Could You please provide my the current status of my request?
Thank You,
Andrej
On 09/06/2017 08:16 AM, Andrej Valek wrote:
> I have created a PR:
> https://github.com/openembedded/openembedded-core/pull/23 as last time.
>
> Andrej
>
> On 09/05/2017 08:52 PM, Burton, Ross wrote:
>> Also the patch has been corrupted by SMTP. Is it in a branch somewhere?
>>
>> Ross
>>
>> On 5 September 2017 at 18:28, Andrej Valek <andrej.valek@siemens.com
>> <mailto:andrej.valek@siemens.com>> wrote:
>>
>> Hi Ross,
>>
>> There are not any CVEs fixes which has not been already merged. There
>> are only general changes. Of course, we can "clean" a lot of patches by
>> accepting this.
>>
>> Regards,
>> Andrej
>>
>> On 09/05/2017 11:19 AM, Burton, Ross wrote:
>> > On 5 September 2017 at 07:35, Andrej Valek <andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>
>> > <mailto:andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>>> wrote:
>> >
>> > Signed-off-by: Andrej Valek <andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>
>> > <mailto:andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>>>
>> >
>> >
>> > We're past freeze to the upgrade will have to wait until 2.4 releases.
>> Does this
>> > fix any outstanding CVEs that we should be cherry-picking?
>> >
>> > Ross
>> >
>>
>>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-27 8:52 ` Andrej Valek
@ 2017-09-27 15:35 ` Burton, Ross
2017-09-28 6:06 ` Andrej Valek
0 siblings, 1 reply; 24+ messages in thread
From: Burton, Ross @ 2017-09-27 15:35 UTC (permalink / raw)
To: Andrej Valek; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 635 bytes --]
On 27 September 2017 at 09:52, Andrej Valek <andrej.valek@siemens.com>
wrote:
> Could You please provide my the current status of my request?
>
Too much of a change for frozen master so it will have to wait for master
to reopen.
However it fails to build with ptest enabled:
| NOTE: make
DESTDIR=/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest
install-ptest
| install: missing destination file operand after
'/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest'
(noinst_PROGRAMS isn't set in the makefile)
Ross
[-- Attachment #2: Type: text/html, Size: 1121 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-27 15:35 ` Burton, Ross
@ 2017-09-28 6:06 ` Andrej Valek
2017-09-28 9:34 ` Burton, Ross
0 siblings, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-09-28 6:06 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Thank You for pointing to this. I have fixed and updated the pull request.
Andrej
On 09/27/2017 05:35 PM, Burton, Ross wrote:
> On 27 September 2017 at 09:52, Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>> wrote:
>
> Could You please provide my the current status of my request?
>
>
> Too much of a change for frozen master so it will have to wait for master to reopen.
>
> However it fails to build with ptest enabled:
>
> | NOTE: make
> DESTDIR=/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest
> install-ptest
> | install: missing destination file operand after
> '/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest'
>
> (noinst_PROGRAMS isn't set in the makefile)
>
> Ross
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-28 6:06 ` Andrej Valek
@ 2017-09-28 9:34 ` Burton, Ross
2017-09-28 10:14 ` Andrej Valek
0 siblings, 1 reply; 24+ messages in thread
From: Burton, Ross @ 2017-09-28 9:34 UTC (permalink / raw)
To: Andrej Valek; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 1080 bytes --]
Can you resubmit the patch here too please, patch review happens primarily
on the list.
Ross
On 28 September 2017 at 07:06, Andrej Valek <andrej.valek@siemens.com>
wrote:
> Thank You for pointing to this. I have fixed and updated the pull request.
>
> Andrej
>
> On 09/27/2017 05:35 PM, Burton, Ross wrote:
> > On 27 September 2017 at 09:52, Andrej Valek <andrej.valek@siemens.com
> > <mailto:andrej.valek@siemens.com>> wrote:
> >
> > Could You please provide my the current status of my request?
> >
> >
> > Too much of a change for frozen master so it will have to wait for
> master to reopen.
> >
> > However it fails to build with ptest enabled:
> >
> > | NOTE: make
> > DESTDIR=/data/poky-tmp/master/build/work/corei7-64-poky-
> linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest
> > install-ptest
> > | install: missing destination file operand after
> > '/data/poky-tmp/master/build/work/corei7-64-poky-linux/
> libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest'
> >
> > (noinst_PROGRAMS isn't set in the makefile)
> >
> > Ross
> >
>
[-- Attachment #2: Type: text/html, Size: 1783 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-28 9:34 ` Burton, Ross
@ 2017-09-28 10:14 ` Andrej Valek
2017-09-28 10:24 ` Burton, Ross
0 siblings, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-09-28 10:14 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Of course, but there is a problem with mailing list encoding. This is
the reason, why is pushed into branch.
Only for the information. A difference between last version posted here,
is only in file runtest.patch So, basically the versions are the same.
>-+ install $(noinst_PROGRAMS) $(DESTDIR))
>++ install $(check_PROGRAMS) $(DESTDIR))
Developers changed variable for binaries in Makefile.
Andrej
On 09/28/2017 11:34 AM, Burton, Ross wrote:
> Can you resubmit the patch here too please, patch review happens primarily on
> the list.
>
> Ross
>
> On 28 September 2017 at 07:06, Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>> wrote:
>
> Thank You for pointing to this. I have fixed and updated the pull request.
>
> Andrej
>
> On 09/27/2017 05:35 PM, Burton, Ross wrote:
> > On 27 September 2017 at 09:52, Andrej Valek <andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>
> > <mailto:andrej.valek@siemens.com <mailto:andrej.valek@siemens.com>>> wrote:
> >
> > Could You please provide my the current status of my request?
> >
> >
> > Too much of a change for frozen master so it will have to wait for master
> to reopen.
> >
> > However it fails to build with ptest enabled:
> >
> > | NOTE: make
> >
> DESTDIR=/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest
> > install-ptest
> > | install: missing destination file operand after
> >
> '/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest'
> >
> > (noinst_PROGRAMS isn't set in the makefile)
> >
> > Ross
> >
>
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] libxml2: 2.9.4 -> 2.9.5
2017-09-28 10:14 ` Andrej Valek
@ 2017-09-28 10:24 ` Burton, Ross
0 siblings, 0 replies; 24+ messages in thread
From: Burton, Ross @ 2017-09-28 10:24 UTC (permalink / raw)
To: Andrej Valek; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 326 bytes --]
On 28 September 2017 at 11:14, Andrej Valek <andrej.valek@siemens.com>
wrote:
> Of course, but there is a problem with mailing list encoding. This is
> the reason, why is pushed into branch.
>
I understand, and I will be pulling from the branch, but review is on the
list so patches need to be on the list.
Ross
[-- Attachment #2: Type: text/html, Size: 660 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH v2] libxml2: 2.9.4 -> 2.9.5
2017-09-05 6:35 [PATCH] libxml2: 2.9.4 -> 2.9.5 Andrej Valek
2017-09-05 9:19 ` Burton, Ross
@ 2017-09-28 12:06 ` Andrej Valek
2017-09-28 16:18 ` Burton, Ross
2017-09-29 7:08 ` [PATCH v3] " Andrej Valek
` (2 subsequent siblings)
4 siblings, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-09-28 12:06 UTC (permalink / raw)
To: openembedded-core
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 90987 bytes --]
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} | 14 +-
13 files changed, 11 insertions(+), 1723 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} (85%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075d..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
- { "Error cases regression tests",
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
- 0 },
-+ { "Error cases regression tests (old 1.0)",
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+ XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
- { "Error cases stream regression tests",
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- break;
- default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa5770..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- const xmlChar **atts = ctxt->atts;
- int maxatts = ctxt->maxatts;
- int nratts, nbatts, nbdef;
-- int i, j, nbNs, attval, oldline, oldcol, inputNr;
-- const xmlChar *base;
-+ int i, j, nbNs, attval;
- unsigned long cur;
- int nsNr = ctxt->nsNr;
-
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- * The Shrinking is only possible once the full set of attribute
- * callbacks have been done.
- */
--reparse:
- SHRINK;
-- base = ctxt->input->base;
- cur = ctxt->input->cur - ctxt->input->base;
-- inputNr = ctxt->inputNr;
-- oldline = ctxt->input->line;
-- oldcol = ctxt->input->col;
- nbatts = 0;
- nratts = 0;
- nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
- */
- SKIP_BLANKS;
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-
- while (((RAW != '>') &&
- ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
-
- attname = xmlParseAttribute2(ctxt, prefix, localname,
- &aprefix, &attvalue, &len, &alloc);
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- attvalue = NULL;
-- goto base_changed;
-- }
-- if ((attname != NULL) && (attvalue != NULL)) {
-- if (len < 0) len = xmlStrlen(attvalue);
-- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (URL == NULL) {
-- xmlErrMemory(ctxt, "dictionary allocation failure");
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- return(NULL);
-- }
-- if (*URL != 0) {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns: '%s' is not a valid URI\n",
-- URL, NULL, NULL);
-- } else {
-- if (uri->scheme == NULL) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns: URI %s is not absolute\n",
-- URL, NULL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI cannot be the default namespace\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_default_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_default_ns;
-- }
-- }
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, NULL, attname);
-- else
-- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-- if (aprefix == ctxt->str_xmlns) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (attname == ctxt->str_xml) {
-- if (URL != ctxt->str_xml_ns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace prefix mapped to wrong URI\n",
-- NULL, NULL, NULL);
-- }
-- /*
-- * Do not keep a namespace definition node
-- */
-- goto skip_ns;
-- }
-+ if ((attname == NULL) || (attvalue == NULL))
-+ goto next_attr;
-+ if (len < 0) len = xmlStrlen(attvalue);
-+
-+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (URL == NULL) {
-+ xmlErrMemory(ctxt, "dictionary allocation failure");
-+ if ((attvalue != NULL) && (alloc != 0))
-+ xmlFree(attvalue);
-+ return(NULL);
-+ }
-+ if (*URL != 0) {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns: '%s' is not a valid URI\n",
-+ URL, NULL, NULL);
-+ } else {
-+ if (uri->scheme == NULL) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns: URI %s is not absolute\n",
-+ URL, NULL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI mapped to wrong prefix\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_ns;
-- }
-- if (attname == ctxt->str_xmlns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "redefinition of the xmlns prefix is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((URL == NULL) || (URL[0] == 0)) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xmlns:%s: Empty XML namespace is not allowed\n",
-- attname, NULL, NULL);
-- goto skip_ns;
-- } else {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns:%s: '%s' is not a valid URI\n",
-- attname, URL, NULL);
-- } else {
-- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns:%s: URI %s is not absolute\n",
-- attname, URL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- }
--
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, aprefix, attname);
-- else
-- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI cannot be the default namespace\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, NULL, attname);
-+ else
-+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+ } else if (aprefix == ctxt->str_xmlns) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (attname == ctxt->str_xml) {
-+ if (URL != ctxt->str_xml_ns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace prefix mapped to wrong URI\n",
-+ NULL, NULL, NULL);
-+ }
-+ /*
-+ * Do not keep a namespace definition node
-+ */
-+ goto next_attr;
-+ }
-+ if (URL == ctxt->str_xml_ns) {
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI mapped to wrong prefix\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if (attname == ctxt->str_xmlns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "redefinition of the xmlns prefix is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((URL == NULL) || (URL[0] == 0)) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xmlns:%s: Empty XML namespace is not allowed\n",
-+ attname, NULL, NULL);
-+ goto next_attr;
-+ } else {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns:%s: '%s' is not a valid URI\n",
-+ attname, URL, NULL);
-+ } else {
-+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns:%s: URI %s is not absolute\n",
-+ attname, URL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
-+ }
-
-- /*
-- * Add the pair to atts
-- */
-- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-- if (attvalue[len] == 0)
-- xmlFree(attvalue);
-- goto failed;
-- }
-- maxatts = ctxt->maxatts;
-- atts = ctxt->atts;
-- }
-- ctxt->attallocs[nratts++] = alloc;
-- atts[nbatts++] = attname;
-- atts[nbatts++] = aprefix;
-- atts[nbatts++] = NULL; /* the URI will be fetched later */
-- atts[nbatts++] = attvalue;
-- attvalue += len;
-- atts[nbatts++] = attvalue;
-- /*
-- * tag if some deallocation is needed
-- */
-- if (alloc != 0) attval = 1;
-- } else {
-- if ((attvalue != NULL) && (attvalue[len] == 0))
-- xmlFree(attvalue);
-- }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, aprefix, attname);
-+ else
-+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+ } else {
-+ /*
-+ * Add the pair to atts
-+ */
-+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+ goto next_attr;
-+ }
-+ maxatts = ctxt->maxatts;
-+ atts = ctxt->atts;
-+ }
-+ ctxt->attallocs[nratts++] = alloc;
-+ atts[nbatts++] = attname;
-+ atts[nbatts++] = aprefix;
-+ /*
-+ * The namespace URI field is used temporarily to point at the
-+ * base of the current input buffer for non-alloced attributes.
-+ * When the input buffer is reallocated, all the pointers become
-+ * invalid, but they can be reconstructed later.
-+ */
-+ if (alloc)
-+ atts[nbatts++] = NULL;
-+ else
-+ atts[nbatts++] = ctxt->input->base;
-+ atts[nbatts++] = attvalue;
-+ attvalue += len;
-+ atts[nbatts++] = attvalue;
-+ /*
-+ * tag if some deallocation is needed
-+ */
-+ if (alloc != 0) attval = 1;
-+ attvalue = NULL; /* moved into atts */
-+ }
-
--failed:
-+next_attr:
-+ if ((attvalue != NULL) && (alloc != 0)) {
-+ xmlFree(attvalue);
-+ attvalue = NULL;
-+ }
-
- GROW
- if (ctxt->instate == XML_PARSER_EOF)
- break;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- break;
- if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- break;
- }
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-+ }
-+
-+ /* Reconstruct attribute value pointers. */
-+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+ if (atts[i+2] != NULL) {
-+ /*
-+ * Arithmetic on dangling pointers is technically undefined
-+ * behavior, but well...
-+ */
-+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
-+ atts[i+3] += offset; /* value */
-+ atts[i+4] += offset; /* valuend */
-+ }
- }
-
- /*
-@@ -9804,34 +9780,6 @@ failed:
- }
-
- return(localname);
--
--base_changed:
-- /*
-- * the attribute strings are valid iif the base didn't changed
-- */
-- if (attval != 0) {
-- for (i = 3,j = 0; j < nratts;i += 5,j++)
-- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
-- xmlFree((xmlChar *) atts[i]);
-- }
--
-- /*
-- * We can't switch from one entity to another in the middle
-- * of a start tag
-- */
-- if (inputNr != ctxt->inputNr) {
-- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
-- "Start tag doesn't start and stop in the same entity\n");
-- return(NULL);
-- }
--
-- ctxt->input->cur = ctxt->input->base + cur;
-- ctxt->input->line = oldline;
-- ctxt->input->col = oldcol;
-- if (ctxt->wellFormed == 1) {
-- goto reparse;
-- }
-- return(NULL);
- }
-
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
- ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââm line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
- ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
-- ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+ ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857..cb171d5 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,47 +2,29 @@ Add 'install-ptest' rule.
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
+install-ptest:
+ @(if [ -d .libs ] ; then cd .libs; fi; \
-+ install $(noinst_PROGRAMS) $(DESTDIR))
++ install $(check_PROGRAMS) $(DESTDIR))
+ cp -r $(srcdir)/test $(DESTDIR)
+ cp -r $(srcdir)/result $(DESTDIR)
+ cp -r $(srcdir)/python $(DESTDIR)
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
[ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
-- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ $(CHECKER) ./runtest$(EXEEXT) && \
-+ $(CHECKER) ./testrecurse$(EXEEXT) && \
-+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+ $(CHECKER) ./testchar$(EXEEXT) && \
-+ $(CHECKER) ./testdict$(EXEEXT) && \
-+ $(CHECKER) ./runxmlconf$(EXEEXT)
- @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- $(MAKE) tests ; fi)
-
-@@ -229,7 +243,7 @@
-
- APItests: testapi$(EXEEXT)
- @echo "## Running the API regression tests this may take a little while"
-- -@($(CHECKER) $(top_builddir)/testapi -q)
-+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
-
- HTMLtests : testHTML$(EXEEXT)
- @(echo > .memdump)
+
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.5.bb
similarity index 85%
rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
rename to meta/recipes-core/libxml/libxml2_2.9.5.bb
index 107539b..16391c3 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb
@@ -19,21 +19,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
- file://libxml2-fix_node_comparison.patch \
- file://libxml2-CVE-2016-5131.patch \
- file://libxml2-CVE-2016-4658.patch \
- file://libxml2-fix_NULL_pointer_derefs.patch \
- file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
- file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
- file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
- file://libxml2-CVE-2017-5969.patch \
- file://libxml2-CVE-2017-0663.patch \
- file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b"
+SRC_URI[libtar.sha256sum] = "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
--
2.1.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH v2] libxml2: 2.9.4 -> 2.9.5
2017-09-28 12:06 ` [PATCH v2] " Andrej Valek
@ 2017-09-28 16:18 ` Burton, Ross
2017-09-29 7:16 ` Andrej Valek
0 siblings, 1 reply; 24+ messages in thread
From: Burton, Ross @ 2017-09-28 16:18 UTC (permalink / raw)
To: Andrej Valek; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 102835 bytes --]
Sorry but:
| NOTE: make
DESTDIR=/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest
install-ptest
| install: cannot stat 'testSchemas': No such file or directory
| install: cannot stat 'testRelax': No such file or directory
| install: cannot stat 'testSAX': No such file or directory
| install: cannot stat 'testHTML': No such file or directory
| install: cannot stat 'testXPath': No such file or directory
| install: cannot stat 'testURI': No such file or directory
| install: cannot stat 'testThreads': No such file or directory
| install: cannot stat 'testC14N': No such file or directory
| install: cannot stat 'testAutomata': No such file or directory
| install: cannot stat 'testRegexp': No such file or directory
| install: cannot stat 'testReader': No such file or directory
| install: cannot stat 'testapi': No such file or directory
| install: cannot stat 'testModule': No such file or directory
| install: cannot stat 'runtest': No such file or directory
| install: cannot stat 'runsuite': No such file or directory
| install: cannot stat 'testchar': No such file or directory
| install: cannot stat 'testdict': No such file or directory
| install: cannot stat 'runxmlconf': No such file or directory
| install: cannot stat 'testrecurse': No such file or directory
| install: cannot stat 'testlimits': No such file or directory
| Makefile:1908: recipe for target 'install-ptest' failed
Ross
On 28 September 2017 at 13:06, Andrej Valek <andrej.valek@siemens.com>
wrote:
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> ---
> .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
> .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
> .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
> .../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
> .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
> .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
> .../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
> .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
> .../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
> ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590
> ---------------------
> .../libxml2/libxml2-fix_node_comparison.patch | 67 ---
> meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
> .../libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} | 14 +-
> 13 files changed, 11 insertions(+), 1723 deletions(-)
> delete mode 100644 meta/recipes-core/libxml/
> libxml2/libxml2-CVE-2016-4658.patch
> delete mode 100644 meta/recipes-core/libxml/
> libxml2/libxml2-CVE-2016-5131.patch
> delete mode 100644 meta/recipes-core/libxml/
> libxml2/libxml2-CVE-2017-0663.patch
> delete mode 100644 meta/recipes-core/libxml/
> libxml2/libxml2-CVE-2017-5969.patch
> delete mode 100644 meta/recipes-core/libxml/
> libxml2/libxml2-CVE-2017-8872.patch
> delete mode 100644 meta/recipes-core/libxml/
> libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> delete mode 100644 meta/recipes-core/libxml/
> libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_
> pointer_derefs.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_
> simplify_xmlParseStartTag2.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_
> comparison.patch
> rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb}
> (85%)
>
> diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> index 3277165..d9ed151 100644
> --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> @@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
> - echo "*** If you have an old version installed, it is best to
> remove it, although"
> - echo "*** you may also be able to get things to work by
> modifying LD_LIBRARY_PATH" ],
> - [ echo "*** The test program failed to compile or link. See the
> file config.log for the"
> -- echo "*** exact error that occured. This usually means LIBXML
> was incorrectly installed"
> +- echo "*** exact error that occurred. This usually means LIBXML
> was incorrectly installed"
> - echo "*** or that you have moved LIBXML since it was
> installed. In the latter case, you"
> - echo "*** may want to edit the xml2-config script:
> $XML2_CONFIG" ])
> - CPPFLAGS="$ac_save_CPPFLAGS"
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> deleted file mode 100644
> index bb55eed..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> +++ /dev/null
> @@ -1,269 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2016-4658
> -
> -[No upstream tracking] -- https://bugzilla.redhat.com/
> show_bug.cgi?id=CVE-2016-4658
> -
> -xpointer: Disallow namespace nodes in XPointer points and ranges
> -
> -Namespace nodes must be copied to avoid use-after-free errors.
> -But they don't necessarily have a physical representation in a
> -document, so simply disallow them in XPointer ranges.
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=
> c1d1f7121194036608bf555f08d3062a36fd344b]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=
> 3f8a91036d338e51c059d54397a42d645f019c65]
> -CVE: CVE-2016-4658
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..911680d 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1,
> xmlXPathObjectPtr range2) {
> - }
> -
> - /**
> -+ * xmlXPtrNewRangeInternal:
> -+ * @start: the starting node
> -+ * @startindex: the start index
> -+ * @end: the ending point
> -+ * @endindex: the ending index
> -+ *
> -+ * Internal function to create a new xmlXPathObjectPtr of type range
> -+ *
> -+ * Returns the newly created object.
> -+ */
> -+static xmlXPathObjectPtr
> -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
> -+ xmlNodePtr end, int endindex) {
> -+ xmlXPathObjectPtr ret;
> -+
> -+ /*
> -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
> -+ * Disallow them for now.
> -+ */
> -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+
> -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -+ if (ret == NULL) {
> -+ xmlXPtrErrMemory("allocating range");
> -+ return(NULL);
> -+ }
> -+ memset(ret, 0, sizeof(xmlXPathObject));
> -+ ret->type = XPATH_RANGE;
> -+ ret->user = start;
> -+ ret->index = startindex;
> -+ ret->user2 = end;
> -+ ret->index2 = endindex;
> -+ return(ret);
> -+}
> -+
> -+/**
> - * xmlXPtrNewRange:
> - * @start: the starting node
> - * @startindex: the start index
> -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
> - if (endindex < 0)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = startindex;
> -- ret->user2 = end;
> -- ret->index2 = endindex;
> -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start,
> xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
> -+ end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start,
> xmlNodePtr end) {
> - if (start->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr
> end) {
> - if (end == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - if (start == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = NULL;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
> - return(ret);
> - }
> -
> -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - */
> - xmlXPathObjectPtr
> - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> -+ xmlNodePtr endNode;
> -+ int endIndex;
> - xmlXPathObjectPtr ret;
> -
> - if (start == NULL)
> -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - return(NULL);
> - switch (end->type) {
> - case XPATH_POINT:
> -+ endNode = end->user;
> -+ endIndex = end->index;
> -+ break;
> - case XPATH_RANGE:
> -+ endNode = end->user2;
> -+ endIndex = end->index2;
> - break;
> - case XPATH_NODESET:
> - /*
> -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - */
> - if (end->nodesetval->nodeNr <= 0)
> - return(NULL);
> -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr -
> 1];
> -+ endIndex = -1;
> - break;
> - default:
> - /* TODO */
> - return(NULL);
> - }
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- switch (end->type) {
> -- case XPATH_POINT:
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -- break;
> -- case XPATH_RANGE:
> -- ret->user2 = end->user2;
> -- ret->index2 = end->index2;
> -- break;
> -- case XPATH_NODESET: {
> -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr
> - 1];
> -- ret->index2 = -1;
> -- break;
> -- }
> -- default:
> -- STRANGE
> -- return(NULL);
> -- }
> -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr
> ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> -@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr
> ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user2;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> deleted file mode 100644
> index 9d47d02..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> +++ /dev/null
> @@ -1,180 +0,0 @@
> -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
> -From: Nick Wellnhofer <wellnhofer@aevum.de>
> -Date: Tue, 28 Jun 2016 14:22:23 +0200
> -Subject: [PATCH] Fix XPointer paths beginning with range-to
> -
> -The old code would invoke the broken xmlXPtrRangeToFunction. range-to
> -isn't really a function but a special kind of location step. Remove
> -this function and always handle range-to in the XPath code.
> -
> -The old xmlXPtrRangeToFunction could also be abused to trigger a
> -use-after-free error with the potential for remote code execution.
> -
> -Found with afl-fuzz.
> -
> -Fixes CVE-2016-5131.
> -
> -CVE: CVE-2016-5131
> -Upstream-Status: Backport
> -https://git.gnome.org/browse/libxml2/commit/?id=
> 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
> -
> -Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
> ----
> - result/XPath/xptr/vidbase | 13 ++++++++
> - test/XPath/xptr/vidbase | 1 +
> - xpath.c | 7 ++++-
> - xpointer.c | 76 ++++--------------------------
> -----------------
> - 4 files changed, 26 insertions(+), 71 deletions(-)
> -
> -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
> -index 8b9e92d..f19193e 100644
> ---- a/result/XPath/xptr/vidbase
> -+++ b/result/XPath/xptr/vidbase
> -@@ -17,3 +17,16 @@ Object is a Location Set:
> - To node
> - ELEMENT p
> -
> -+
> -+========================
> -+Expression: xpointer(range-to(id('chapter2')))
> -+Object is a Location Set:
> -+1 : Object is a range :
> -+ From node
> -+ /
> -+ To node
> -+ ELEMENT chapter
> -+ ATTRIBUTE id
> -+ TEXT
> -+ content=chapter2
> -+
> -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
> -index b146383..884b106 100644
> ---- a/test/XPath/xptr/vidbase
> -+++ b/test/XPath/xptr/vidbase
> -@@ -1,2 +1,3 @@
> - xpointer(id('chapter1')/p)
> - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
> -+xpointer(range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index d992841..5a01b1b 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr
> ctxt) {
> - lc = 1;
> - break;
> - } else if ((NXT(len) == '(')) {
> -- /* Note Type or Function */
> -+ /* Node Type or Function */
> - if (xmlXPathIsNodeType(name)) {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> - "PathExpr: Type search\n");
> - #endif
> - lc = 1;
> -+#ifdef LIBXML_XPTR_ENABLED
> -+ } else if (ctxt->xptr &&
> -+ xmlStrEqual(name, BAD_CAST "range-to")) {
> -+ lc = 1;
> -+#endif
> - } else {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..d74174a 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here,
> xmlNodePtr origin) {
> - ret->here = here;
> - ret->origin = origin;
> -
> -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
> -- xmlXPtrRangeToFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range",
> - xmlXPtrRangeFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
> -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr
> ctxt, int nargs) {
> - * @nargs: the number of args
> - *
> - * Implement the range-to() XPointer function
> -+ *
> -+ * Obsolete. range-to is not a real function but a special type of
> location
> -+ * step which is handled in xpath.c.
> - */
> - void
> --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> -- xmlXPathObjectPtr range;
> -- const xmlChar *cur;
> -- xmlXPathObjectPtr res, obj;
> -- xmlXPathObjectPtr tmp;
> -- xmlLocationSetPtr newset = NULL;
> -- xmlNodeSetPtr oldset;
> -- int i;
> --
> -- if (ctxt == NULL) return;
> -- CHECK_ARITY(1);
> -- /*
> -- * Save the expression pointer since we will have to evaluate
> -- * it multiple times. Initialize the new set.
> -- */
> -- CHECK_TYPE(XPATH_NODESET);
> -- obj = valuePop(ctxt);
> -- oldset = obj->nodesetval;
> -- ctxt->context->node = NULL;
> --
> -- cur = ctxt->cur;
> -- newset = xmlXPtrLocationSetCreate(NULL);
> --
> -- for (i = 0; i < oldset->nodeNr; i++) {
> -- ctxt->cur = cur;
> --
> -- /*
> -- * Run the evaluation with a node list made of a single item
> -- * in the nodeset.
> -- */
> -- ctxt->context->node = oldset->nodeTab[i];
> -- tmp = xmlXPathNewNodeSet(ctxt->context->node);
> -- valuePush(ctxt, tmp);
> --
> -- xmlXPathEvalExpr(ctxt);
> -- CHECK_ERROR;
> --
> -- /*
> -- * The result of the evaluation need to be tested to
> -- * decided whether the filter succeeded or not
> -- */
> -- res = valuePop(ctxt);
> -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
> -- if (range != NULL) {
> -- xmlXPtrLocationSetAdd(newset, range);
> -- }
> --
> -- /*
> -- * Cleanup
> -- */
> -- if (res != NULL)
> -- xmlXPathFreeObject(res);
> -- if (ctxt->value == tmp) {
> -- res = valuePop(ctxt);
> -- xmlXPathFreeObject(res);
> -- }
> --
> -- ctxt->context->node = NULL;
> -- }
> --
> -- /*
> -- * The result is used as the new evaluation set.
> -- */
> -- xmlXPathFreeObject(obj);
> -- ctxt->context->node = NULL;
> -- ctxt->context->contextSize = -1;
> -- ctxt->context->proximityPosition = -1;
> -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
> -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
> -+ int nargs ATTRIBUTE_UNUSED) {
> -+ XP_ERROR(XPATH_EXPR_ERROR);
> - }
> -
> - /**
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> deleted file mode 100644
> index 0108265..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -libxml2: Fix CVE-2017-0663
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/
> show_bug.cgi?id=780228
> -
> -valid: Fix type confusion in xmlValidateOneNamespace
> -
> -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
> -on namespace declarations make no practical sense anyway.
> -
> -Fixes bug 780228
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/
> libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
> -CVE: CVE-2017-0663
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..e03d35e 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr
> ns, const xmlChar *value) {
> - }
> - }
> -
> -+ /*
> -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
> -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
> -+ * no practical sense to use ID types anyway.
> -+ */
> -+#if 0
> - /* Validity Constraint: ID uniqueness */
> - if (attrDecl->atype == XML_ATTRIBUTE_ID) {
> - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> -@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr
> ns, const xmlChar *value) {
> - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> - ret = 0;
> - }
> -+#endif
> -
> - /* Validity Constraint: Notation Attributes */
> - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> deleted file mode 100644
> index 571b05c..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> +++ /dev/null
> @@ -1,62 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-5969
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/
> show_bug.cgi?id=758422
> -
> -valid: Fix NULL pointer deref in xmlDumpElementContent
> -
> -Can only be triggered in recovery mode.
> -
> -Fixes bug 758422
> -
> -Upstream-Status: Backport - [https://git.gnome.org/browse/
> libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
> -CVE: CVE-2017-5969
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..0a8e58a 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf,
> xmlElementContentPtr content, int glob)
> - xmlBufferWriteCHAR(buf, content->name);
> - break;
> - case XML_ELEMENT_CONTENT_SEQ:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " , ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> - break;
> - case XML_ELEMENT_CONTENT_OR:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " | ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> deleted file mode 100644
> index 26779aa..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia <hongxu.jia@windriver.com>
> -Date: Wed, 23 Aug 2017 16:04:49 +0800
> -Subject: [PATCH] fix CVE-2017-8872
> -
> -this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
> -il too here.
> -
> -this seems to cure this specific issue, and also passes the testsuite
> -
> -Signed-off-by: Marcus Meissner <meissner@suse.de>
> -
> -https://bugzilla.gnome.org/show_bug.cgi?id=775200
> -Upstream-Status: Backport [https://bugzilla.gnome.org/
> attachment.cgi?id=355527&action=diff]
> -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ----
> - parser.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/parser.c b/parser.c
> -index 9506ead..6c07ffd 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
> - }
> - ctxt->input->cur = BAD_CAST"";
> - ctxt->input->base = ctxt->input->cur;
> -+ if (ctxt->input->buf) {
> -+ xmlBufEmpty (ctxt->input->buf->buffer);
> -+ } else
> -+ ctxt->input->length = 0;
> - }
> - }
> -
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_
> CVE-2017-9048.patch
> deleted file mode 100644
> index 8b03456..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_
> CVE-2017-9048.patch
> +++ /dev/null
> @@ -1,103 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/
> show_bug.cgi?id=781333
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
> -
> -valid: Fix buffer size checks in xmlSnprintfElementContent
> -
> -xmlSnprintfElementContent failed to correctly check the available
> -buffer space in two locations.
> -
> -Fixes bug 781333 and bug 781701
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/
> libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
> -CVE: CVE-2017-9047 CVE-2017-9048
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/result/valid/781333.xml b/result/valid/781333.xml
> -new file mode 100644
> -index 0000000..01baf11
> ---- /dev/null
> -+++ b/result/valid/781333.xml
> -@@ -0,0 +1,5 @@
> -+<?xml version="1.0"?>
> -+<!DOCTYPE a [
> -+<!ELEMENT a (pppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppp:llllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllll!
> lllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllll!
> lllllllll
> lllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
> -new file mode 100644
> -index 0000000..2176200
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err
> -@@ -0,0 +1,3 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content
> does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -diff --git a/result/valid/781333.xml.err.rdr
> b/result/valid/781333.xml.err.rdr
> -new file mode 100644
> -index 0000000..1195a04
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err.rdr
> -@@ -0,0 +1,6 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content
> does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -+./test/valid/781333.xml:5: element a: validity error : Element a content
> does not follow the DTD, Expecting more child
> -+
> -+^
> -diff --git a/test/valid/781333.xml b/test/valid/781333.xml
> -new file mode 100644
> -index 0000000..bceac9c
> ---- /dev/null
> -+++ b/test/valid/781333.xml
> -@@ -0,0 +1,4 @@
> -+<!DOCTYPE a [
> -+ <!ELEMENT a (pppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllll!
> lllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> llllllllllllllllllllllllllll!
> lllllllll
> lllllllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..aaa30f6 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size,
> xmlElementContentPtr content, int
> - case XML_ELEMENT_CONTENT_PCDATA:
> - strcat(buf, "#PCDATA");
> - break;
> -- case XML_ELEMENT_CONTENT_ELEMENT:
> -+ case XML_ELEMENT_CONTENT_ELEMENT: {
> -+ int qnameLen = xmlStrlen(content->name);
> -+
> -+ if (content->prefix != NULL)
> -+ qnameLen += xmlStrlen(content->prefix) + 1;
> -+ if (size - len < qnameLen + 10) {
> -+ strcat(buf, " ...");
> -+ return;
> -+ }
> - if (content->prefix != NULL) {
> -- if (size - len < xmlStrlen(content->prefix) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - strcat(buf, (char *) content->prefix);
> - strcat(buf, ":");
> - }
> -- if (size - len < xmlStrlen(content->name) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - if (content->name != NULL)
> - strcat(buf, (char *) content->name);
> - break;
> -+ }
> - case XML_ELEMENT_CONTENT_SEQ:
> - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> - (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size,
> xmlElementContentPtr content, int
> - xmlSnprintfElementContent(buf, size, content->c2, 0);
> - break;
> - }
> -+ if (size - strlen(buf) <= 2) return;
> - if (englob)
> - strcat(buf, ")");
> - switch (content->ocur) {
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_
> CVE-2017-9050.patch
> deleted file mode 100644
> index 591075d..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_
> CVE-2017-9050.patch
> +++ /dev/null
> @@ -1,291 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/
> show_bug.cgi?id=781205
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
> -
> -parser: Fix handling of parameter-entity references
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -Percent sign in DTD Names
> -=========================
> -
> -The NEXTL macro used to call xmlParserHandlePEReference. When parsing
> -"complex" names inside the DTD, this could result in entity expansion
> -which created a new input buffer. The fix is to simply remove the call
> -to xmlParserHandlePEReference from the NEXTL macro. This is safe because
> -no users of the macro require expansion of parameter entities.
> -
> -- xmlParseNameComplex
> -- xmlParseNCNameComplex
> -- xmlParseNmtoken
> -
> -The percent sign is not allowed in names, which are grammatical tokens.
> -
> -- xmlParseEntityValue
> -
> -Parameter-entity references in entity values are expanded but this
> -happens in a separate step in this function.
> -
> -- xmlParseSystemLiteral
> -
> -Parameter-entity references are ignored in the system literal.
> -
> -- xmlParseAttValueComplex
> -- xmlParseCharDataComplex
> -- xmlParseCommentComplex
> -- xmlParsePI
> -- xmlParseCDSect
> -
> -Parameter-entity references are ignored outside the DTD.
> -
> -- xmlLoadEntityContent
> -
> -This function is only called from xmlStringLenDecodeEntities and
> -entities are replaced in a separate step immediately after the function
> -call.
> -
> -This bug could also be triggered with an internal subset and double
> -entity expansion.
> -
> -This fixes bug 766956 initially reported by Wei Lei and independently by
> -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
> -involved.
> -
> -xmlParseNameComplex with XML_PARSE_OLD10
> -========================================
> -
> -When parsing Names inside an expanded parameter entity with the
> -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
> -GROW macro if the input buffer was exhausted. At the end of the
> -parameter entity's replacement text, this function would then call
> -xmlPopInput which invalidated the input buffer.
> -
> -There should be no need to invoke GROW in this situation because the
> -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
> -at least for UTF-8, in xmlCurrentChar. This also matches the code path
> -executed when XML_PARSE_OLD10 is not set.
> -
> -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
> -Thanks to Marcel Böhme and Thuan Pham for the report.
> -
> -Additional hardening
> -====================
> -
> -A separate check was added in xmlParseNameComplex to validate the
> -buffer size.
> -
> -Fixes bug 781205 and bug 781361
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/
> libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
> -CVE: CVE-2017-9049 CVE-2017-9050
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/Makefile.am b/Makefile.am
> -index 9f988b0..dab15a4 100644
> ---- a/Makefile.am
> -+++ b/Makefile.am
> -@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
> - if [ -n "$$log" ] ; then echo $$name result ; echo $$log ;
> fi ; \
> - rm result.$$name error.$$name ; \
> - fi ; fi ; done)
> -+ @echo "## Error cases regression tests (old 1.0)"
> -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
> -+ name=`basename $$i`; \
> -+ if [ ! -d $$i ] ; then \
> -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
> -+ echo New test file $$name ; \
> -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
> -+ 2> $(srcdir)/result/errors10/$$name.err \
> -+ > $(srcdir)/result/errors10/$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0";
> \
> -+ else \
> -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2>
> error.$$name > result.$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0";
> \
> -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
> -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
> -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ;
> fi ; \
> -+ rm result.$$name error.$$name ; \
> -+ fi ; fi ; done)
> - @echo "## Error cases stream regression tests"
> - -@(for i in $(srcdir)/test/errors/*.xml ; do \
> - name=`basename $$i`; \
> -diff --git a/parser.c b/parser.c
> -index 609a270..8e11c12 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
> - ctxt->input->line++; ctxt->input->col = 1; \
> - } else ctxt->input->col++;
> \
> - ctxt->input->cur += l; \
> -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
> - } while (0)
> -
> - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
> -@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - len += l;
> - NEXTL(l);
> - c = CUR_CHAR(l);
> -- if (c == 0) {
> -- count = 0;
> -- GROW;
> -- if (ctxt->instate == XML_PARSER_EOF)
> -- return(NULL);
> -- c = CUR_CHAR(l);
> -- }
> - }
> - }
> - if ((len > XML_MAX_NAME_LENGTH) &&
> -@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
> - return(NULL);
> - }
> -+ if (ctxt->input->cur - ctxt->input->base < len) {
> -+ /*
> -+ * There were a couple of bugs where PERefs lead to to a change
> -+ * of the buffer. Check the buffer size to avoid passing an
> invalid
> -+ * pointer to xmlDictLookup.
> -+ */
> -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
> -+ "unexpected change of input buffer");
> -+ return (NULL);
> -+ }
> - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1),
> len));
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.
> err
> -new file mode 100644
> -index 0000000..da15c3f
> ---- /dev/null
> -+++ b/result/errors10/781205.xml.err
> -@@ -0,0 +1,21 @@
> -+Entity: line 1: parser error : internal error: xmlParseInternalSubset:
> error detected in Markup declaration
> -+
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+Entity: line 1: parser error : DOCTYPE improperly terminated
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+namespace error : Failed to parse QName ':0000'
> -+ %a;
> -+ ^
> -+<:0000
> -+ ^
> -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start
> Tag :0000 line 1
> -+
> -+^
> -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.
> err
> -new file mode 100644
> -index 0000000..655f41a
> ---- /dev/null
> -+++ b/result/errors10/781361.xml.err
> -@@ -0,0 +1,13 @@
> -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl:
> 'EMPTY', 'ANY' or '(' expected
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : internal error:
> xmlParseInternalSubset: error detected in Markup declaration
> -+
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly
> terminated
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<'
> not found
> -+
> -+^
> -diff --git a/result/valid/766956.xml b/result/valid/766956.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
> -new file mode 100644
> -index 0000000..34b1dae
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err
> -@@ -0,0 +1,9 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -diff --git a/result/valid/766956.xml.err.rdr
> b/result/valid/766956.xml.err.rdr
> -new file mode 100644
> -index 0000000..7760346
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err.rdr
> -@@ -0,0 +1,10 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -+./test/valid/766956.xml : failed to parse
> -diff --git a/runtest.c b/runtest.c
> -index bb74d2a..63e8c20 100644
> ---- a/runtest.c
> -+++ b/runtest.c
> -@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
> - { "Error cases regression tests",
> - errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
> - 0 },
> -+ { "Error cases regression tests (old 1.0)",
> -+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "",
> ".err",
> -+ XML_PARSE_OLD10 },
> - #ifdef LIBXML_READER_ENABLED
> - { "Error cases stream regression tests",
> - streamParseTest, "./test/errors/*.xml", "result/errors/", NULL,
> ".str",
> -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
> -new file mode 100644
> -index 0000000..d9e9e83
> ---- /dev/null
> -+++ b/test/errors10/781205.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE D [
> -+ <!ENTITY % a "<:0000">
> -+ %a;
> -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
> -new file mode 100644
> -index 0000000..67476bc
> ---- /dev/null
> -+++ b/test/errors10/781361.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE doc [
> -+ <!ENTITY % elem "<!ELEMENT e0000000000">
> -+ %elem;
> -diff --git a/test/valid/766956.xml b/test/valid/766956.xml
> -new file mode 100644
> -index 0000000..19a95a0
> ---- /dev/null
> -+++ b/test/valid/766956.xml
> -@@ -0,0 +1,2 @@
> -+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
> -+<test/>
> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
> -new file mode 100644
> -index 0000000..dddde68
> ---- /dev/null
> -+++ b/test/valid/dtds/766956.dtd
> -@@ -0,0 +1,2 @@
> -+<!ENTITY % ent "value">
> -+%ä%ent;
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> deleted file mode 100644
> index c60e32f..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_
> pointer_derefs.patch
> +++ /dev/null
> @@ -1,45 +0,0 @@
> -libxml2-2.9.4: Fix more NULL pointer derefs
> -
> -xpointer: Fix more NULL pointer derefs
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/
> libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..074db24 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - /*
> - * Empty set ...
> - */
> -- if (end->nodesetval->nodeNr <= 0)
> -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <=
> 0))
> - return(NULL);
> - break;
> - default:
> -@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr
> ctx) {
> - */
> - xmlNodeSetPtr set;
> - set = tmp->nodesetval;
> -- if ((set->nodeNr != 1) ||
> -+ if ((set == NULL) || (set->nodeNr != 1) ||
> - (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
> - stack++;
> - } else
> -@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr
> ctxt, int nargs) {
> - xmlXPathFreeObject(set);
> - XP_ERROR(XPATH_MEMORY_ERROR);
> - }
> -- for (i = 0;i < oldset->locNr;i++) {
> -- xmlXPtrLocationSetAdd(newset,
> -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ if (oldset != NULL) {
> -+ for (i = 0;i < oldset->locNr;i++) {
> -+ xmlXPtrLocationSetAdd(newset,
> -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ }
> - }
> -
> - /*
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_
> simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/
> libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> deleted file mode 100644
> index faa5770..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_
> simplify_xmlParseStartTag2.patch
> +++ /dev/null
> @@ -1,590 +0,0 @@
> -libxml2-2.9.4: Avoid reparsing and simplify control flow in
> xmlParseStartTag2
> -
> -[No upstream tracking]
> -
> -parser: Avoid reparsing in xmlParseStartTag2
> -
> -The code in xmlParseStartTag2 must handle the case that the input
> -buffer was grown and reallocated which can invalidate pointers to
> -attribute values. Before, this was handled by detecting changes of
> -the input buffer "base" pointer and, in case of a change, jumping
> -back to the beginning of the function and reparsing the start tag.
> -
> -The major problem of this approach is that whether an input buffer is
> -reallocated is nondeterministic, resulting in seemingly random test
> -failures. See the mailing list thread "runtest mystery bug: name2.xml
> -error case regression test" from 2012, for example.
> -
> -If a reallocation was detected, the code also made no attempts to
> -continue parsing in case of errors which makes a difference in
> -the lax "recover" mode.
> -
> -Now we store the current input buffer "base" pointer for each (not
> -separately allocated) attribute in the namespace URI field, which isn't
> -used until later. After the whole start tag was parsed, the pointers to
> -the attribute values are reconstructed using the offset between the
> -new and the old input buffer. This relies on arithmetic on dangling
> -pointers which is technically undefined behavior. But it seems like
> -the easiest and most efficient fix and a similar approach is used in
> -xmlParserInputGrow.
> -
> -This changes the error output of several tests, typically making it
> -more verbose because we try harder to continue parsing in case of errors.
> -
> -(Another possible solution is to check not only the "base" pointer
> -but the size of the input buffer as well. But this would result in
> -even more reparsing.)
> -
> -Remove some goto labels and deduplicate a bit of code after handling
> -namespaces.
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=
> 07b7428b69c368611d215a140fe630b2d1e61349]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=
> 855c19efb7cd30d927d673b3658563c4959ca6f0]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/parser.c b/parser.c
> -index 609a270..74016e3 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -43,6 +43,7 @@
> - #include <limits.h>
> - #include <string.h>
> - #include <stdarg.h>
> -+#include <stddef.h>
> - #include <libxml/xmlmemory.h>
> - #include <libxml/threads.h>
> - #include <libxml/globals.h>
> -@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const
> xmlChar **pref,
> - const xmlChar **atts = ctxt->atts;
> - int maxatts = ctxt->maxatts;
> - int nratts, nbatts, nbdef;
> -- int i, j, nbNs, attval, oldline, oldcol, inputNr;
> -- const xmlChar *base;
> -+ int i, j, nbNs, attval;
> - unsigned long cur;
> - int nsNr = ctxt->nsNr;
> -
> -@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const
> xmlChar **pref,
> - * The Shrinking is only possible once the full set of
> attribute
> - * callbacks have been done.
> - */
> --reparse:
> - SHRINK;
> -- base = ctxt->input->base;
> - cur = ctxt->input->cur - ctxt->input->base;
> -- inputNr = ctxt->inputNr;
> -- oldline = ctxt->input->line;
> -- oldcol = ctxt->input->col;
> - nbatts = 0;
> - nratts = 0;
> - nbdef = 0;
> -@@ -9422,8 +9417,6 @@ reparse:
> - */
> - SKIP_BLANKS;
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -
> - while (((RAW != '>') &&
> - ((RAW != '/') || (NXT(1) != '>')) &&
> -@@ -9434,203 +9427,174 @@ reparse:
> -
> - attname = xmlParseAttribute2(ctxt, prefix, localname,
> - &aprefix, &attvalue, &len, &alloc);
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- goto base_changed;
> -- }
> -- if ((attname != NULL) && (attvalue != NULL)) {
> -- if (len < 0) len = xmlStrlen(attvalue);
> -- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue,
> len);
> -- xmlURIPtr uri;
> --
> -- if (URL == NULL) {
> -- xmlErrMemory(ctxt, "dictionary allocation failure");
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- return(NULL);
> -- }
> -- if (*URL != 0) {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns: '%s' is not a valid URI\n",
> -- URL, NULL, NULL);
> -- } else {
> -- if (uri->scheme == NULL) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns: URI %s is not absolute\n",
> -- URL, NULL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI cannot be the default
> namespace\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_default_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/")))
> {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is
> forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_default_ns;
> -- }
> -- }
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, NULL, attname);
> -- else
> -- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> --skip_default_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr !=
> ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -- if (aprefix == ctxt->str_xmlns) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue,
> len);
> -- xmlURIPtr uri;
> --
> -- if (attname == ctxt->str_xml) {
> -- if (URL != ctxt->str_xml_ns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace prefix mapped to wrong
> URI\n",
> -- NULL, NULL, NULL);
> -- }
> -- /*
> -- * Do not keep a namespace definition node
> -- */
> -- goto skip_ns;
> -- }
> -+ if ((attname == NULL) || (attvalue == NULL))
> -+ goto next_attr;
> -+ if (len < 0) len = xmlStrlen(attvalue);
> -+
> -+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue,
> len);
> -+ xmlURIPtr uri;
> -+
> -+ if (URL == NULL) {
> -+ xmlErrMemory(ctxt, "dictionary allocation failure");
> -+ if ((attvalue != NULL) && (alloc != 0))
> -+ xmlFree(attvalue);
> -+ return(NULL);
> -+ }
> -+ if (*URL != 0) {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns: '%s' is not a valid URI\n",
> -+ URL, NULL, NULL);
> -+ } else {
> -+ if (uri->scheme == NULL) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns: URI %s is not absolute\n",
> -+ URL, NULL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> - if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI mapped to wrong
> prefix\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_ns;
> -- }
> -- if (attname == ctxt->str_xmlns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "redefinition of the xmlns prefix is
> forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/")))
> {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is
> forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((URL == NULL) || (URL[0] == 0)) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xmlns:%s: Empty XML namespace is not
> allowed\n",
> -- attname, NULL, NULL);
> -- goto skip_ns;
> -- } else {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns:%s: '%s' is not a valid URI\n",
> -- attname, URL, NULL);
> -- } else {
> -- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns:%s: URI %s is not absolute\n",
> -- attname, URL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- }
> --
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, aprefix, attname);
> -- else
> -- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> --skip_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr !=
> ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI cannot be the default
> namespace\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/")))
> {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is
> forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, NULL, attname);
> -+ else
> -+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> -+
> -+ } else if (aprefix == ctxt->str_xmlns) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue,
> len);
> -+ xmlURIPtr uri;
> -+
> -+ if (attname == ctxt->str_xml) {
> -+ if (URL != ctxt->str_xml_ns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace prefix mapped to wrong
> URI\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ /*
> -+ * Do not keep a namespace definition node
> -+ */
> -+ goto next_attr;
> -+ }
> -+ if (URL == ctxt->str_xml_ns) {
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI mapped to wrong
> prefix\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if (attname == ctxt->str_xmlns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "redefinition of the xmlns prefix is
> forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/")))
> {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is
> forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((URL == NULL) || (URL[0] == 0)) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xmlns:%s: Empty XML namespace is not
> allowed\n",
> -+ attname, NULL, NULL);
> -+ goto next_attr;
> -+ } else {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns:%s: '%s' is not a valid URI\n",
> -+ attname, URL, NULL);
> -+ } else {
> -+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns:%s: URI %s is not absolute\n",
> -+ attname, URL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> -+ }
> -
> -- /*
> -- * Add the pair to atts
> -- */
> -- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -- if (attvalue[len] == 0)
> -- xmlFree(attvalue);
> -- goto failed;
> -- }
> -- maxatts = ctxt->maxatts;
> -- atts = ctxt->atts;
> -- }
> -- ctxt->attallocs[nratts++] = alloc;
> -- atts[nbatts++] = attname;
> -- atts[nbatts++] = aprefix;
> -- atts[nbatts++] = NULL; /* the URI will be fetched later */
> -- atts[nbatts++] = attvalue;
> -- attvalue += len;
> -- atts[nbatts++] = attvalue;
> -- /*
> -- * tag if some deallocation is needed
> -- */
> -- if (alloc != 0) attval = 1;
> -- } else {
> -- if ((attvalue != NULL) && (attvalue[len] == 0))
> -- xmlFree(attvalue);
> -- }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, aprefix, attname);
> -+ else
> -+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> -+
> -+ } else {
> -+ /*
> -+ * Add the pair to atts
> -+ */
> -+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -+ goto next_attr;
> -+ }
> -+ maxatts = ctxt->maxatts;
> -+ atts = ctxt->atts;
> -+ }
> -+ ctxt->attallocs[nratts++] = alloc;
> -+ atts[nbatts++] = attname;
> -+ atts[nbatts++] = aprefix;
> -+ /*
> -+ * The namespace URI field is used temporarily to point at
> the
> -+ * base of the current input buffer for non-alloced
> attributes.
> -+ * When the input buffer is reallocated, all the pointers
> become
> -+ * invalid, but they can be reconstructed later.
> -+ */
> -+ if (alloc)
> -+ atts[nbatts++] = NULL;
> -+ else
> -+ atts[nbatts++] = ctxt->input->base;
> -+ atts[nbatts++] = attvalue;
> -+ attvalue += len;
> -+ atts[nbatts++] = attvalue;
> -+ /*
> -+ * tag if some deallocation is needed
> -+ */
> -+ if (alloc != 0) attval = 1;
> -+ attvalue = NULL; /* moved into atts */
> -+ }
> -
> --failed:
> -+next_attr:
> -+ if ((attvalue != NULL) && (alloc != 0)) {
> -+ xmlFree(attvalue);
> -+ attvalue = NULL;
> -+ }
> -
> - GROW
> - if (ctxt->instate == XML_PARSER_EOF)
> - break;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> - if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> - break;
> - if (!IS_BLANK_CH(RAW)) {
> -@@ -9646,8 +9610,20 @@ failed:
> - break;
> - }
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -+ }
> -+
> -+ /* Reconstruct attribute value pointers. */
> -+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
> -+ if (atts[i+2] != NULL) {
> -+ /*
> -+ * Arithmetic on dangling pointers is technically undefined
> -+ * behavior, but well...
> -+ */
> -+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
> -+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
> -+ atts[i+3] += offset; /* value */
> -+ atts[i+4] += offset; /* valuend */
> -+ }
> - }
> -
> - /*
> -@@ -9804,34 +9780,6 @@ failed:
> - }
> -
> - return(localname);
> --
> --base_changed:
> -- /*
> -- * the attribute strings are valid iif the base didn't changed
> -- */
> -- if (attval != 0) {
> -- for (i = 3,j = 0; j < nratts;i += 5,j++)
> -- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
> -- xmlFree((xmlChar *) atts[i]);
> -- }
> --
> -- /*
> -- * We can't switch from one entity to another in the middle
> -- * of a start tag
> -- */
> -- if (inputNr != ctxt->inputNr) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
> -- "Start tag doesn't start and stop in the same
> entity\n");
> -- return(NULL);
> -- }
> --
> -- ctxt->input->cur = ctxt->input->base + cur;
> -- ctxt->input->line = oldline;
> -- ctxt->input->col = oldcol;
> -- if (ctxt->wellFormed == 1) {
> -- goto reparse;
> -- }
> -- return(NULL);
> - }
> -
> - /**
> -diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
> -index e08d9bf..f6036a3 100644
> ---- a/result/errors/759398.xml.err
> -+++ b/result/errors/759398.xml.err
> -@@ -1,9 +1,12 @@
> - ./test/errors/759398.xml:210: parser error : StartTag: invalid element
> name
> - need to worry about parsers whi<! don't expand PErefs finding
> - ^
> --./test/errors/759398.xml:309: parser error : Opening and ending tag
> mismatch: spec line 50 and termdef
> -+./test/errors/759398.xml:309: parser error : Opening and ending tag
> mismatch: №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№!
> №№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№â!
> ��№№â
> ��№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№�„!
> �№№�„
> �№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m
> line 308 and termdef
> - and provide access to their content and structure.</termdef> <termdef
> - ^
> --./test/errors/759398.xml:309: parser error : Extra content at the end
> of the document
> --and provide access to their content and structure.</termdef> <termdef
> -- ^
> -+./test/errors/759398.xml:314: parser error : Opening and ending tag
> mismatch: spec line 50 and p
> -+data and the information it must provide to the application.</p>
> -+ ^
> -+./test/errors/759398.xml:316: parser error : Extra content at the end
> of the document
> -+<div2 id='sec-origin-goals'>
> -+^
> -diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
> -index 4f08538..c4c4fc8 100644
> ---- a/result/errors/attr1.xml.err
> -+++ b/result/errors/attr1.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr1.xml:1: parser error : Extra content at the end of
> the document
> --<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooo
> -- ^
> -+./test/errors/attr1.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag
> foo line 1
> -+
> -+^
> -diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
> -index c8a9c7d..77e342e 100644
> ---- a/result/errors/attr2.xml.err
> -+++ b/result/errors/attr2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr2.xml:1: parser error : Extra content at the end of
> the document
> --<foo foo=">oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooo
> -- ^
> -+./test/errors/attr2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag
> foo line 1
> -+
> -+^
> -diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
> -index a6649a1..8a6acee 100644
> ---- a/result/errors/name2.xml.err
> -+++ b/result/errors/name2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/name2.xml:2: parser error : Specification mandate value
> for attribute fooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooo
> -
> - ^
> --./test/errors/name2.xml:1: parser error : Extra content at the end of
> the document
> --<foo fooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooo
> -- ^
> -+./test/errors/name2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag
> foo line 1
> -+
> -+^
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> deleted file mode 100644
> index 65f6bef..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> +++ /dev/null
> @@ -1,67 +0,0 @@
> -libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL
> pointer deref in XPointer
> -
> -xpath:
> - - Check for errors after evaluating first operand.
> - - Add sanity check for empty stack.
> - - Include comparation in changes from xmlXPathCmpNodesExt to
> xmlXPathCmpNodes
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=
> c1d1f7121194036608bf555f08d3062a36fd344b]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=
> a005199330b86dada19d162cae15ef9bdcb6baa8]
> -CVE: CVE-2016-5131
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..d589882
> ---- /dev/null
> -+++ b/result/XPath/xptr/viderror
> -@@ -0,0 +1,4 @@
> -+
> -+========================
> -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
> -+Object is empty (NULL)
> -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..da8c53b
> ---- /dev/null
> -+++ b/test/XPath/xptr/viderror
> -@@ -0,0 +1 @@
> -+xpointer(non-existing-fn()/range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index 113bce6..d992841 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr
> node2) {
> - * compute depth to root
> - */
> - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node1)
> -+ if (cur->parent == node1)
> - return(1);
> - depth2++;
> - }
> - root = cur;
> - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node2)
> -+ if (cur->parent == node2)
> - return(-1);
> - depth1++;
> - }
> -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr
> ctxt, xmlXPathStepOpPtr op)
> - xmlNodeSetPtr oldset;
> - int i, j;
> -
> -- if (op->ch1 != -1)
> -+ if (op->ch1 != -1) {
> - total +=
> - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
> -+ CHECK_ERROR0;
> -+ }
> -+ if (ctxt->value == NULL) {
> -+ XP_ERROR0(XPATH_INVALID_OPERAND);
> -+ }
> - if (op->ch2 == -1)
> - return (total);
> -
> diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch
> b/meta/recipes-core/libxml/libxml2/runtest.patch
> index 6e56857..cb171d5 100644
> --- a/meta/recipes-core/libxml/libxml2/runtest.patch
> +++ b/meta/recipes-core/libxml/libxml2/runtest.patch
> @@ -2,47 +2,29 @@ Add 'install-ptest' rule.
> Print a standard result line for each test.
>
> Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
> -Signed-off-by: Andrej Valek <andrej.valek@enea.com>
> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> Upstream-Status: Backport
>
> diff -uNr a/Makefile.am b/Makefile.am
> ---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
> -+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
> -@@ -202,10 +202,24 @@
> +--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
> ++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
> +@@ -202,6 +202,15 @@
> #testOOM_DEPENDENCIES = $(DEPS)
> #testOOM_LDADD= $(LDADDS)
>
> +install-ptest:
> + @(if [ -d .libs ] ; then cd .libs; fi; \
> -+ install $(noinst_PROGRAMS) $(DESTDIR))
> ++ install $(check_PROGRAMS) $(DESTDIR))
> + cp -r $(srcdir)/test $(DESTDIR)
> + cp -r $(srcdir)/result $(DESTDIR)
> + cp -r $(srcdir)/python $(DESTDIR)
> + cp Makefile $(DESTDIR)
> + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
> +
> - runtests:
> + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
> + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
> [ -d test ] || $(LN_S) $(srcdir)/test .
> - [ -d result ] || $(LN_S) $(srcdir)/result .
> -- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT)
> &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&&
> $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
> -+ $(CHECKER) ./runtest$(EXEEXT) && \
> -+ $(CHECKER) ./testrecurse$(EXEEXT) && \
> -+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER)
> ./testapi$(EXEEXT) && \
> -+ $(CHECKER) ./testchar$(EXEEXT) && \
> -+ $(CHECKER) ./testdict$(EXEEXT) && \
> -+ $(CHECKER) ./runxmlconf$(EXEEXT)
> - @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
> - $(MAKE) tests ; fi)
> -
> -@@ -229,7 +243,7 @@
> -
> - APItests: testapi$(EXEEXT)
> - @echo "## Running the API regression tests this may take a little
> while"
> -- -@($(CHECKER) $(top_builddir)/testapi -q)
> -+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER)
> $(top_builddir)/testapi -q)
> -
> - HTMLtests : testHTML$(EXEEXT)
> - @(echo > .memdump)
> +
> diff -uNr a/runsuite.c b/runsuite.c
> --- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
> +++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
> diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb
> b/meta/recipes-core/libxml/libxml2_2.9.5.bb
> similarity index 85%
> rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
> rename to meta/recipes-core/libxml/libxml2_2.9.5.bb
> index 107539b..16391c3 100644
> --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb
> @@ -19,21 +19,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/
> libxml2-${PV}.tar.gz;name=libtar \
> file://run-ptest \
> file://python-sitepackages-dir.patch \
> file://libxml-m4-use-pkgconfig.patch \
> - file://libxml2-fix_node_comparison.patch \
> - file://libxml2-CVE-2016-5131.patch \
> - file://libxml2-CVE-2016-4658.patch \
> - file://libxml2-fix_NULL_pointer_derefs.patch \
> - file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
> - file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
> - file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
> - file://libxml2-CVE-2017-5969.patch \
> - file://libxml2-CVE-2017-0663.patch \
> - file://libxml2-CVE-2017-8872.patch \
> file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
> \
> "
>
> -SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
> -SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387
> f14156e1a56b21824357cdf0053233633c"
> +SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b"
> +SRC_URI[libtar.sha256sum] = "4031c1ecee9ce7ba4f313e91ef6284
> 164885cdb69937a123f6a83bb6a72dcd38"
> SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
> SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d6
> 1e6284d4d6e66e0e440c209286c03e9cc7"
>
> --
> 2.1.4
>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
>
[-- Attachment #2: Type: text/html, Size: 124865 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH v3] libxml2: 2.9.4 -> 2.9.5
2017-09-05 6:35 [PATCH] libxml2: 2.9.4 -> 2.9.5 Andrej Valek
2017-09-05 9:19 ` Burton, Ross
2017-09-28 12:06 ` [PATCH v2] " Andrej Valek
@ 2017-09-29 7:08 ` Andrej Valek
2017-10-06 7:27 ` [PATCH v3] libxml2: 2.9.4 -> 2.9.6 Andrej Valek
2017-10-09 6:29 ` [PATCH v4] " Andrej Valek
4 siblings, 0 replies; 24+ messages in thread
From: Andrej Valek @ 2017-09-29 7:08 UTC (permalink / raw)
To: openembedded-core
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 91288 bytes --]
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} | 18 +-
13 files changed, 15 insertions(+), 1723 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} (85%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075d..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
- { "Error cases regression tests",
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
- 0 },
-+ { "Error cases regression tests (old 1.0)",
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+ XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
- { "Error cases stream regression tests",
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- break;
- default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa5770..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- const xmlChar **atts = ctxt->atts;
- int maxatts = ctxt->maxatts;
- int nratts, nbatts, nbdef;
-- int i, j, nbNs, attval, oldline, oldcol, inputNr;
-- const xmlChar *base;
-+ int i, j, nbNs, attval;
- unsigned long cur;
- int nsNr = ctxt->nsNr;
-
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- * The Shrinking is only possible once the full set of attribute
- * callbacks have been done.
- */
--reparse:
- SHRINK;
-- base = ctxt->input->base;
- cur = ctxt->input->cur - ctxt->input->base;
-- inputNr = ctxt->inputNr;
-- oldline = ctxt->input->line;
-- oldcol = ctxt->input->col;
- nbatts = 0;
- nratts = 0;
- nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
- */
- SKIP_BLANKS;
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-
- while (((RAW != '>') &&
- ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
-
- attname = xmlParseAttribute2(ctxt, prefix, localname,
- &aprefix, &attvalue, &len, &alloc);
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- attvalue = NULL;
-- goto base_changed;
-- }
-- if ((attname != NULL) && (attvalue != NULL)) {
-- if (len < 0) len = xmlStrlen(attvalue);
-- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (URL == NULL) {
-- xmlErrMemory(ctxt, "dictionary allocation failure");
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- return(NULL);
-- }
-- if (*URL != 0) {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns: '%s' is not a valid URI\n",
-- URL, NULL, NULL);
-- } else {
-- if (uri->scheme == NULL) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns: URI %s is not absolute\n",
-- URL, NULL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI cannot be the default namespace\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_default_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_default_ns;
-- }
-- }
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, NULL, attname);
-- else
-- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-- if (aprefix == ctxt->str_xmlns) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (attname == ctxt->str_xml) {
-- if (URL != ctxt->str_xml_ns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace prefix mapped to wrong URI\n",
-- NULL, NULL, NULL);
-- }
-- /*
-- * Do not keep a namespace definition node
-- */
-- goto skip_ns;
-- }
-+ if ((attname == NULL) || (attvalue == NULL))
-+ goto next_attr;
-+ if (len < 0) len = xmlStrlen(attvalue);
-+
-+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (URL == NULL) {
-+ xmlErrMemory(ctxt, "dictionary allocation failure");
-+ if ((attvalue != NULL) && (alloc != 0))
-+ xmlFree(attvalue);
-+ return(NULL);
-+ }
-+ if (*URL != 0) {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns: '%s' is not a valid URI\n",
-+ URL, NULL, NULL);
-+ } else {
-+ if (uri->scheme == NULL) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns: URI %s is not absolute\n",
-+ URL, NULL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI mapped to wrong prefix\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_ns;
-- }
-- if (attname == ctxt->str_xmlns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "redefinition of the xmlns prefix is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((URL == NULL) || (URL[0] == 0)) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xmlns:%s: Empty XML namespace is not allowed\n",
-- attname, NULL, NULL);
-- goto skip_ns;
-- } else {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns:%s: '%s' is not a valid URI\n",
-- attname, URL, NULL);
-- } else {
-- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns:%s: URI %s is not absolute\n",
-- attname, URL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- }
--
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, aprefix, attname);
-- else
-- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI cannot be the default namespace\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, NULL, attname);
-+ else
-+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+ } else if (aprefix == ctxt->str_xmlns) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (attname == ctxt->str_xml) {
-+ if (URL != ctxt->str_xml_ns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace prefix mapped to wrong URI\n",
-+ NULL, NULL, NULL);
-+ }
-+ /*
-+ * Do not keep a namespace definition node
-+ */
-+ goto next_attr;
-+ }
-+ if (URL == ctxt->str_xml_ns) {
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI mapped to wrong prefix\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if (attname == ctxt->str_xmlns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "redefinition of the xmlns prefix is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((URL == NULL) || (URL[0] == 0)) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xmlns:%s: Empty XML namespace is not allowed\n",
-+ attname, NULL, NULL);
-+ goto next_attr;
-+ } else {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns:%s: '%s' is not a valid URI\n",
-+ attname, URL, NULL);
-+ } else {
-+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns:%s: URI %s is not absolute\n",
-+ attname, URL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
-+ }
-
-- /*
-- * Add the pair to atts
-- */
-- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-- if (attvalue[len] == 0)
-- xmlFree(attvalue);
-- goto failed;
-- }
-- maxatts = ctxt->maxatts;
-- atts = ctxt->atts;
-- }
-- ctxt->attallocs[nratts++] = alloc;
-- atts[nbatts++] = attname;
-- atts[nbatts++] = aprefix;
-- atts[nbatts++] = NULL; /* the URI will be fetched later */
-- atts[nbatts++] = attvalue;
-- attvalue += len;
-- atts[nbatts++] = attvalue;
-- /*
-- * tag if some deallocation is needed
-- */
-- if (alloc != 0) attval = 1;
-- } else {
-- if ((attvalue != NULL) && (attvalue[len] == 0))
-- xmlFree(attvalue);
-- }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, aprefix, attname);
-+ else
-+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+ } else {
-+ /*
-+ * Add the pair to atts
-+ */
-+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+ goto next_attr;
-+ }
-+ maxatts = ctxt->maxatts;
-+ atts = ctxt->atts;
-+ }
-+ ctxt->attallocs[nratts++] = alloc;
-+ atts[nbatts++] = attname;
-+ atts[nbatts++] = aprefix;
-+ /*
-+ * The namespace URI field is used temporarily to point at the
-+ * base of the current input buffer for non-alloced attributes.
-+ * When the input buffer is reallocated, all the pointers become
-+ * invalid, but they can be reconstructed later.
-+ */
-+ if (alloc)
-+ atts[nbatts++] = NULL;
-+ else
-+ atts[nbatts++] = ctxt->input->base;
-+ atts[nbatts++] = attvalue;
-+ attvalue += len;
-+ atts[nbatts++] = attvalue;
-+ /*
-+ * tag if some deallocation is needed
-+ */
-+ if (alloc != 0) attval = 1;
-+ attvalue = NULL; /* moved into atts */
-+ }
-
--failed:
-+next_attr:
-+ if ((attvalue != NULL) && (alloc != 0)) {
-+ xmlFree(attvalue);
-+ attvalue = NULL;
-+ }
-
- GROW
- if (ctxt->instate == XML_PARSER_EOF)
- break;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- break;
- if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- break;
- }
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-+ }
-+
-+ /* Reconstruct attribute value pointers. */
-+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+ if (atts[i+2] != NULL) {
-+ /*
-+ * Arithmetic on dangling pointers is technically undefined
-+ * behavior, but well...
-+ */
-+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
-+ atts[i+3] += offset; /* value */
-+ atts[i+4] += offset; /* valuend */
-+ }
- }
-
- /*
-@@ -9804,34 +9780,6 @@ failed:
- }
-
- return(localname);
--
--base_changed:
-- /*
-- * the attribute strings are valid iif the base didn't changed
-- */
-- if (attval != 0) {
-- for (i = 3,j = 0; j < nratts;i += 5,j++)
-- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
-- xmlFree((xmlChar *) atts[i]);
-- }
--
-- /*
-- * We can't switch from one entity to another in the middle
-- * of a start tag
-- */
-- if (inputNr != ctxt->inputNr) {
-- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
-- "Start tag doesn't start and stop in the same entity\n");
-- return(NULL);
-- }
--
-- ctxt->input->cur = ctxt->input->base + cur;
-- ctxt->input->line = oldline;
-- ctxt->input->col = oldcol;
-- if (ctxt->wellFormed == 1) {
-- goto reparse;
-- }
-- return(NULL);
- }
-
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
- ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââm line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
- ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
-- ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+ ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857..cb171d5 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,47 +2,29 @@ Add 'install-ptest' rule.
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
+install-ptest:
+ @(if [ -d .libs ] ; then cd .libs; fi; \
-+ install $(noinst_PROGRAMS) $(DESTDIR))
++ install $(check_PROGRAMS) $(DESTDIR))
+ cp -r $(srcdir)/test $(DESTDIR)
+ cp -r $(srcdir)/result $(DESTDIR)
+ cp -r $(srcdir)/python $(DESTDIR)
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
[ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
-- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ $(CHECKER) ./runtest$(EXEEXT) && \
-+ $(CHECKER) ./testrecurse$(EXEEXT) && \
-+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+ $(CHECKER) ./testchar$(EXEEXT) && \
-+ $(CHECKER) ./testdict$(EXEEXT) && \
-+ $(CHECKER) ./runxmlconf$(EXEEXT)
- @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- $(MAKE) tests ; fi)
-
-@@ -229,7 +243,7 @@
-
- APItests: testapi$(EXEEXT)
- @echo "## Running the API regression tests this may take a little while"
-- -@($(CHECKER) $(top_builddir)/testapi -q)
-+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
-
- HTMLtests : testHTML$(EXEEXT)
- @(echo > .memdump)
+
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.5.bb
similarity index 85%
rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
rename to meta/recipes-core/libxml/libxml2_2.9.5.bb
index 107539b..912a501 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb
@@ -19,21 +19,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
- file://libxml2-fix_node_comparison.patch \
- file://libxml2-CVE-2016-5131.patch \
- file://libxml2-CVE-2016-4658.patch \
- file://libxml2-fix_NULL_pointer_derefs.patch \
- file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
- file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
- file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
- file://libxml2-CVE-2017-5969.patch \
- file://libxml2-CVE-2017-0663.patch \
- file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b"
+SRC_URI[libtar.sha256sum] = "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
@@ -81,6 +71,10 @@ do_configure_prepend () {
find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
}
+do_compile_ptest() {
+ oe_runmake check-am
+}
+
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
--
2.1.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH v2] libxml2: 2.9.4 -> 2.9.5
2017-09-28 16:18 ` Burton, Ross
@ 2017-09-29 7:16 ` Andrej Valek
0 siblings, 0 replies; 24+ messages in thread
From: Andrej Valek @ 2017-09-29 7:16 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Sorry for these problems. I will have to test it more properly before
posting new patches.
There was problem with testing binaries, which have not been built
automatically. So I have added step for building them.
I have created fixed version 3.
Andrej
On 09/28/2017 06:18 PM, Burton, Ross wrote:
> Sorry but:
>
> | NOTE: make
> DESTDIR=/data/poky-tmp/master/build/work/corei7-64-poky-linux/libxml2/2.9.5-r0/image/usr/lib/libxml2/ptest
> install-ptest
> | install: cannot stat 'testSchemas': No such file or directory
> | install: cannot stat 'testRelax': No such file or directory
> | install: cannot stat 'testSAX': No such file or directory
> | install: cannot stat 'testHTML': No such file or directory
> | install: cannot stat 'testXPath': No such file or directory
> | install: cannot stat 'testURI': No such file or directory
> | install: cannot stat 'testThreads': No such file or directory
> | install: cannot stat 'testC14N': No such file or directory
> | install: cannot stat 'testAutomata': No such file or directory
> | install: cannot stat 'testRegexp': No such file or directory
> | install: cannot stat 'testReader': No such file or directory
> | install: cannot stat 'testapi': No such file or directory
> | install: cannot stat 'testModule': No such file or directory
> | install: cannot stat 'runtest': No such file or directory
> | install: cannot stat 'runsuite': No such file or directory
> | install: cannot stat 'testchar': No such file or directory
> | install: cannot stat 'testdict': No such file or directory
> | install: cannot stat 'runxmlconf': No such file or directory
> | install: cannot stat 'testrecurse': No such file or directory
> | install: cannot stat 'testlimits': No such file or directory
> | Makefile:1908: recipe for target 'install-ptest' failed
>
> Ross
>
>
> On 28 September 2017 at 13:06, Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>> wrote:
>
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> ---
> .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
> .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
> .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
> .../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
> .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
> .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
> .../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
> .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
> .../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
> ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
> .../libxml2/libxml2-fix_node_comparison.patch | 67 ---
> meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
> .../libxml/{libxml2_2.9.4.bb <http://libxml2_2.9.4.bb> => libxml2_2.9.5.bb
> <http://libxml2_2.9.5.bb>} | 14 +-
> 13 files changed, 11 insertions(+), 1723 deletions(-)
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> delete mode 100644
> meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> rename meta/recipes-core/libxml/{libxml2_2.9.4.bb
> <http://libxml2_2.9.4.bb> => libxml2_2.9.5.bb <http://libxml2_2.9.5.bb>} (85%)
>
> diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> index 3277165..d9ed151 100644
> --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> @@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
> - echo "*** If you have an old version installed, it is best to
> remove it, although"
> - echo "*** you may also be able to get things to work by
> modifying LD_LIBRARY_PATH" ],
> - [ echo "*** The test program failed to compile or link. See the
> file config.log for the"
> -- echo "*** exact error that occured. This usually means LIBXML
> was incorrectly installed"
> +- echo "*** exact error that occurred. This usually means LIBXML
> was incorrectly installed"
> - echo "*** or that you have moved LIBXML since it was installed.
> In the latter case, you"
> - echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
> - CPPFLAGS="$ac_save_CPPFLAGS"
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> deleted file mode 100644
> index bb55eed..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> +++ /dev/null
> @@ -1,269 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2016-4658
> -
> -[No upstream tracking] --
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
> <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658>
> -
> -xpointer: Disallow namespace nodes in XPointer points and ranges
> -
> -Namespace nodes must be copied to avoid use-after-free errors.
> -But they don't necessarily have a physical representation in a
> -document, so simply disallow them in XPointer ranges.
> -
> -Upstream-Status: Backport
> - -
> [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
> <https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b>]
> - -
> [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65
> <https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65>]
> -CVE: CVE-2016-4658
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com
> <mailto:pascal.bach@siemens.com>>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..911680d 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1,
> xmlXPathObjectPtr range2) {
> - }
> -
> - /**
> -+ * xmlXPtrNewRangeInternal:
> -+ * @start: the starting node
> -+ * @startindex: the start index
> -+ * @end: the ending point
> -+ * @endindex: the ending index
> -+ *
> -+ * Internal function to create a new xmlXPathObjectPtr of type range
> -+ *
> -+ * Returns the newly created object.
> -+ */
> -+static xmlXPathObjectPtr
> -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
> -+ xmlNodePtr end, int endindex) {
> -+ xmlXPathObjectPtr ret;
> -+
> -+ /*
> -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
> -+ * Disallow them for now.
> -+ */
> -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+
> -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -+ if (ret == NULL) {
> -+ xmlXPtrErrMemory("allocating range");
> -+ return(NULL);
> -+ }
> -+ memset(ret, 0, sizeof(xmlXPathObject));
> -+ ret->type = XPATH_RANGE;
> -+ ret->user = start;
> -+ ret->index = startindex;
> -+ ret->user2 = end;
> -+ ret->index2 = endindex;
> -+ return(ret);
> -+}
> -+
> -+/**
> - * xmlXPtrNewRange:
> - * @start: the starting node
> - * @startindex: the start index
> -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
> - if (endindex < 0)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = startindex;
> -- ret->user2 = end;
> -- ret->index2 = endindex;
> -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start,
> xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
> -+ end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start,
> xmlNodePtr end) {
> - if (start->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
> - if (end == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - if (start == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = NULL;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
> - return(ret);
> - }
> -
> -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - */
> - xmlXPathObjectPtr
> - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> -+ xmlNodePtr endNode;
> -+ int endIndex;
> - xmlXPathObjectPtr ret;
> -
> - if (start == NULL)
> -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - return(NULL);
> - switch (end->type) {
> - case XPATH_POINT:
> -+ endNode = end->user;
> -+ endIndex = end->index;
> -+ break;
> - case XPATH_RANGE:
> -+ endNode = end->user2;
> -+ endIndex = end->index2;
> - break;
> - case XPATH_NODESET:
> - /*
> -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - */
> - if (end->nodesetval->nodeNr <= 0)
> - return(NULL);
> -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
> -+ endIndex = -1;
> - break;
> - default:
> - /* TODO */
> - return(NULL);
> - }
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- switch (end->type) {
> -- case XPATH_POINT:
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -- break;
> -- case XPATH_RANGE:
> -- ret->user2 = end->user2;
> -- ret->index2 = end->index2;
> -- break;
> -- case XPATH_NODESET: {
> -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
> -- ret->index2 = -1;
> -- break;
> -- }
> -- default:
> -- STRANGE
> -- return(NULL);
> -- }
> -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr
> ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> -@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr
> ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user2;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> deleted file mode 100644
> index 9d47d02..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> +++ /dev/null
> @@ -1,180 +0,0 @@
> -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
> -From: Nick Wellnhofer <wellnhofer@aevum.de <mailto:wellnhofer@aevum.de>>
> -Date: Tue, 28 Jun 2016 14:22:23 +0200
> -Subject: [PATCH] Fix XPointer paths beginning with range-to
> -
> -The old code would invoke the broken xmlXPtrRangeToFunction. range-to
> -isn't really a function but a special kind of location step. Remove
> -this function and always handle range-to in the XPath code.
> -
> -The old xmlXPtrRangeToFunction could also be abused to trigger a
> -use-after-free error with the potential for remote code execution.
> -
> -Found with afl-fuzz.
> -
> -Fixes CVE-2016-5131.
> -
> -CVE: CVE-2016-5131
> -Upstream-Status: Backport
> -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
> <https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e>
> -
> -Signed-off-by: Yi Zhao <yi.zhao@windirver.com <mailto:yi.zhao@windirver.com>>
> ----
> - result/XPath/xptr/vidbase | 13 ++++++++
> - test/XPath/xptr/vidbase | 1 +
> - xpath.c | 7 ++++-
> - xpointer.c | 76 ++++-------------------------------------------
> - 4 files changed, 26 insertions(+), 71 deletions(-)
> -
> -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
> -index 8b9e92d..f19193e 100644
> ---- a/result/XPath/xptr/vidbase
> -+++ b/result/XPath/xptr/vidbase
> -@@ -17,3 +17,16 @@ Object is a Location Set:
> - To node
> - ELEMENT p
> -
> -+
> -+========================
> -+Expression: xpointer(range-to(id('chapter2')))
> -+Object is a Location Set:
> -+1 : Object is a range :
> -+ From node
> -+ /
> -+ To node
> -+ ELEMENT chapter
> -+ ATTRIBUTE id
> -+ TEXT
> -+ content=chapter2
> -+
> -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
> -index b146383..884b106 100644
> ---- a/test/XPath/xptr/vidbase
> -+++ b/test/XPath/xptr/vidbase
> -@@ -1,2 +1,3 @@
> - xpointer(id('chapter1')/p)
> - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
> -+xpointer(range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index d992841..5a01b1b 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
> - lc = 1;
> - break;
> - } else if ((NXT(len) == '(')) {
> -- /* Note Type or Function */
> -+ /* Node Type or Function */
> - if (xmlXPathIsNodeType(name)) {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> - "PathExpr: Type search\n");
> - #endif
> - lc = 1;
> -+#ifdef LIBXML_XPTR_ENABLED
> -+ } else if (ctxt->xptr &&
> -+ xmlStrEqual(name, BAD_CAST "range-to")) {
> -+ lc = 1;
> -+#endif
> - } else {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..d74174a 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here,
> xmlNodePtr origin) {
> - ret->here = here;
> - ret->origin = origin;
> -
> -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
> -- xmlXPtrRangeToFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range",
> - xmlXPtrRangeFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
> -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr
> ctxt, int nargs) {
> - * @nargs: the number of args
> - *
> - * Implement the range-to() XPointer function
> -+ *
> -+ * Obsolete. range-to is not a real function but a special type of location
> -+ * step which is handled in xpath.c.
> - */
> - void
> --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> -- xmlXPathObjectPtr range;
> -- const xmlChar *cur;
> -- xmlXPathObjectPtr res, obj;
> -- xmlXPathObjectPtr tmp;
> -- xmlLocationSetPtr newset = NULL;
> -- xmlNodeSetPtr oldset;
> -- int i;
> --
> -- if (ctxt == NULL) return;
> -- CHECK_ARITY(1);
> -- /*
> -- * Save the expression pointer since we will have to evaluate
> -- * it multiple times. Initialize the new set.
> -- */
> -- CHECK_TYPE(XPATH_NODESET);
> -- obj = valuePop(ctxt);
> -- oldset = obj->nodesetval;
> -- ctxt->context->node = NULL;
> --
> -- cur = ctxt->cur;
> -- newset = xmlXPtrLocationSetCreate(NULL);
> --
> -- for (i = 0; i < oldset->nodeNr; i++) {
> -- ctxt->cur = cur;
> --
> -- /*
> -- * Run the evaluation with a node list made of a single item
> -- * in the nodeset.
> -- */
> -- ctxt->context->node = oldset->nodeTab[i];
> -- tmp = xmlXPathNewNodeSet(ctxt->context->node);
> -- valuePush(ctxt, tmp);
> --
> -- xmlXPathEvalExpr(ctxt);
> -- CHECK_ERROR;
> --
> -- /*
> -- * The result of the evaluation need to be tested to
> -- * decided whether the filter succeeded or not
> -- */
> -- res = valuePop(ctxt);
> -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
> -- if (range != NULL) {
> -- xmlXPtrLocationSetAdd(newset, range);
> -- }
> --
> -- /*
> -- * Cleanup
> -- */
> -- if (res != NULL)
> -- xmlXPathFreeObject(res);
> -- if (ctxt->value == tmp) {
> -- res = valuePop(ctxt);
> -- xmlXPathFreeObject(res);
> -- }
> --
> -- ctxt->context->node = NULL;
> -- }
> --
> -- /*
> -- * The result is used as the new evaluation set.
> -- */
> -- xmlXPathFreeObject(obj);
> -- ctxt->context->node = NULL;
> -- ctxt->context->contextSize = -1;
> -- ctxt->context->proximityPosition = -1;
> -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
> -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
> -+ int nargs ATTRIBUTE_UNUSED) {
> -+ XP_ERROR(XPATH_EXPR_ERROR);
> - }
> -
> - /**
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> deleted file mode 100644
> index 0108265..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -libxml2: Fix CVE-2017-0663
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
> <https://bugzilla.gnome.org/show_bug.cgi?id=780228>
> -
> -valid: Fix type confusion in xmlValidateOneNamespace
> -
> -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
> -on namespace declarations make no practical sense anyway.
> -
> -Fixes bug 780228
> -
> -Upstream-Status: Backport
> [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
> <https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66>]
> -CVE: CVE-2017-0663
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..e03d35e 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns,
> const xmlChar *value) {
> - }
> - }
> -
> -+ /*
> -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
> -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
> -+ * no practical sense to use ID types anyway.
> -+ */
> -+#if 0
> - /* Validity Constraint: ID uniqueness */
> - if (attrDecl->atype == XML_ATTRIBUTE_ID) {
> - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> -@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns,
> const xmlChar *value) {
> - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> - ret = 0;
> - }
> -+#endif
> -
> - /* Validity Constraint: Notation Attributes */
> - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> deleted file mode 100644
> index 571b05c..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> +++ /dev/null
> @@ -1,62 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-5969
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
> <https://bugzilla.gnome.org/show_bug.cgi?id=758422>
> -
> -valid: Fix NULL pointer deref in xmlDumpElementContent
> -
> -Can only be triggered in recovery mode.
> -
> -Fixes bug 758422
> -
> -Upstream-Status: Backport -
> [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882
> <https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882>]
> -CVE: CVE-2017-5969
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..0a8e58a 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf,
> xmlElementContentPtr content, int glob)
> - xmlBufferWriteCHAR(buf, content->name);
> - break;
> - case XML_ELEMENT_CONTENT_SEQ:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " , ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> - break;
> - case XML_ELEMENT_CONTENT_OR:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " | ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> deleted file mode 100644
> index 26779aa..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia <hongxu.jia@windriver.com <mailto:hongxu.jia@windriver.com>>
> -Date: Wed, 23 Aug 2017 16:04:49 +0800
> -Subject: [PATCH] fix CVE-2017-8872
> -
> -this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
> -il too here.
> -
> -this seems to cure this specific issue, and also passes the testsuite
> -
> -Signed-off-by: Marcus Meissner <meissner@suse.de <mailto:meissner@suse.de>>
> -
> -https://bugzilla.gnome.org/show_bug.cgi?id=775200
> <https://bugzilla.gnome.org/show_bug.cgi?id=775200>
> -Upstream-Status: Backport
> [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff
> <https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff>]
> -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com
> <mailto:hongxu.jia@windriver.com>>
> ----
> - parser.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/parser.c b/parser.c
> -index 9506ead..6c07ffd 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
> - }
> - ctxt->input->cur = BAD_CAST"";
> - ctxt->input->base = ctxt->input->cur;
> -+ if (ctxt->input->buf) {
> -+ xmlBufEmpty (ctxt->input->buf->buffer);
> -+ } else
> -+ ctxt->input->length = 0;
> - }
> - }
> -
> ---
> -2.7.4
> -
> diff --git
> a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> deleted file mode 100644
> index 8b03456..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> +++ /dev/null
> @@ -1,103 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
> <https://bugzilla.gnome.org/show_bug.cgi?id=781333>
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
> <https://bugzilla.gnome.org/show_bug.cgi?id=781701>
> -
> -valid: Fix buffer size checks in xmlSnprintfElementContent
> -
> -xmlSnprintfElementContent failed to correctly check the available
> -buffer space in two locations.
> -
> -Fixes bug 781333 and bug 781701
> -
> -Upstream-Status: Backport
> [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
> <https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74>]
> -CVE: CVE-2017-9047 CVE-2017-9048
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -
> -diff --git a/result/valid/781333.xml b/result/valid/781333.xml
> -new file mode 100644
> -index 0000000..01baf11
> ---- /dev/null
> -+++ b/result/valid/781333.xml
> -@@ -0,0 +1,5 @@
> -+<?xml version="1.0"?>
> -+<!DOCTYPE a [
> -+<!ELEMENT a
> (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
> lllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
> lllllllll
> lllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
> -new file mode 100644
> -index 0000000..2176200
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err
> -@@ -0,0 +1,3 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content
> does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
> -new file mode 100644
> -index 0000000..1195a04
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err.rdr
> -@@ -0,0 +1,6 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content
> does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -+./test/valid/781333.xml:5: element a: validity error : Element a content
> does not follow the DTD, Expecting more child
> -+
> -+^
> -diff --git a/test/valid/781333.xml b/test/valid/781333.xml
> -new file mode 100644
> -index 0000000..bceac9c
> ---- /dev/null
> -+++ b/test/valid/781333.xml
> -@@ -0,0 +1,4 @@
> -+<!DOCTYPE a [
> -+ <!ELEMENT a
> (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
> ppppppppp
> pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
> lllllllll
> llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
> lllllllll
> lllllllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..aaa30f6 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size,
> xmlElementContentPtr content, int
> - case XML_ELEMENT_CONTENT_PCDATA:
> - strcat(buf, "#PCDATA");
> - break;
> -- case XML_ELEMENT_CONTENT_ELEMENT:
> -+ case XML_ELEMENT_CONTENT_ELEMENT: {
> -+ int qnameLen = xmlStrlen(content->name);
> -+
> -+ if (content->prefix != NULL)
> -+ qnameLen += xmlStrlen(content->prefix) + 1;
> -+ if (size - len < qnameLen + 10) {
> -+ strcat(buf, " ...");
> -+ return;
> -+ }
> - if (content->prefix != NULL) {
> -- if (size - len < xmlStrlen(content->prefix) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - strcat(buf, (char *) content->prefix);
> - strcat(buf, ":");
> - }
> -- if (size - len < xmlStrlen(content->name) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - if (content->name != NULL)
> - strcat(buf, (char *) content->name);
> - break;
> -+ }
> - case XML_ELEMENT_CONTENT_SEQ:
> - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> - (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size,
> xmlElementContentPtr content, int
> - xmlSnprintfElementContent(buf, size, content->c2, 0);
> - break;
> - }
> -+ if (size - strlen(buf) <= 2) return;
> - if (englob)
> - strcat(buf, ")");
> - switch (content->ocur) {
> diff --git
> a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> deleted file mode 100644
> index 591075d..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> +++ /dev/null
> @@ -1,291 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
> <https://bugzilla.gnome.org/show_bug.cgi?id=781205>
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
> <https://bugzilla.gnome.org/show_bug.cgi?id=781361>
> -
> -parser: Fix handling of parameter-entity references
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -Percent sign in DTD Names
> -=========================
> -
> -The NEXTL macro used to call xmlParserHandlePEReference. When parsing
> -"complex" names inside the DTD, this could result in entity expansion
> -which created a new input buffer. The fix is to simply remove the call
> -to xmlParserHandlePEReference from the NEXTL macro. This is safe because
> -no users of the macro require expansion of parameter entities.
> -
> -- xmlParseNameComplex
> -- xmlParseNCNameComplex
> -- xmlParseNmtoken
> -
> -The percent sign is not allowed in names, which are grammatical tokens.
> -
> -- xmlParseEntityValue
> -
> -Parameter-entity references in entity values are expanded but this
> -happens in a separate step in this function.
> -
> -- xmlParseSystemLiteral
> -
> -Parameter-entity references are ignored in the system literal.
> -
> -- xmlParseAttValueComplex
> -- xmlParseCharDataComplex
> -- xmlParseCommentComplex
> -- xmlParsePI
> -- xmlParseCDSect
> -
> -Parameter-entity references are ignored outside the DTD.
> -
> -- xmlLoadEntityContent
> -
> -This function is only called from xmlStringLenDecodeEntities and
> -entities are replaced in a separate step immediately after the function
> -call.
> -
> -This bug could also be triggered with an internal subset and double
> -entity expansion.
> -
> -This fixes bug 766956 initially reported by Wei Lei and independently by
> -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
> -involved.
> -
> -xmlParseNameComplex with XML_PARSE_OLD10
> -========================================
> -
> -When parsing Names inside an expanded parameter entity with the
> -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
> -GROW macro if the input buffer was exhausted. At the end of the
> -parameter entity's replacement text, this function would then call
> -xmlPopInput which invalidated the input buffer.
> -
> -There should be no need to invoke GROW in this situation because the
> -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
> -at least for UTF-8, in xmlCurrentChar. This also matches the code path
> -executed when XML_PARSE_OLD10 is not set.
> -
> -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
> -Thanks to Marcel Böhme and Thuan Pham for the report.
> -
> -Additional hardening
> -====================
> -
> -A separate check was added in xmlParseNameComplex to validate the
> -buffer size.
> -
> -Fixes bug 781205 and bug 781361
> -
> -Upstream-Status: Backport
> [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
> <https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74>]
> -CVE: CVE-2017-9049 CVE-2017-9050
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -
> -diff --git a/Makefile.am b/Makefile.am
> -index 9f988b0..dab15a4 100644
> ---- a/Makefile.am
> -+++ b/Makefile.am
> -@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
> - if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
> - rm result.$$name error.$$name ; \
> - fi ; fi ; done)
> -+ @echo "## Error cases regression tests (old 1.0)"
> -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
> -+ name=`basename $$i`; \
> -+ if [ ! -d $$i ] ; then \
> -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
> -+ echo New test file $$name ; \
> -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
> -+ 2> $(srcdir)/result/errors10/$$name.err \
> -+ > $(srcdir)/result/errors10/$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
> -+ else \
> -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2>
> error.$$name > result.$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
> -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
> -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
> -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ;
> fi ; \
> -+ rm result.$$name error.$$name ; \
> -+ fi ; fi ; done)
> - @echo "## Error cases stream regression tests"
> - -@(for i in $(srcdir)/test/errors/*.xml ; do \
> - name=`basename $$i`; \
> -diff --git a/parser.c b/parser.c
> -index 609a270..8e11c12 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
> - ctxt->input->line++; ctxt->input->col = 1; \
> - } else ctxt->input->col++;
> \
> - ctxt->input->cur += l; \
> -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
> - } while (0)
> -
> - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
> -@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - len += l;
> - NEXTL(l);
> - c = CUR_CHAR(l);
> -- if (c == 0) {
> -- count = 0;
> -- GROW;
> -- if (ctxt->instate == XML_PARSER_EOF)
> -- return(NULL);
> -- c = CUR_CHAR(l);
> -- }
> - }
> - }
> - if ((len > XML_MAX_NAME_LENGTH) &&
> -@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
> - return(NULL);
> - }
> -+ if (ctxt->input->cur - ctxt->input->base < len) {
> -+ /*
> -+ * There were a couple of bugs where PERefs lead to to a change
> -+ * of the buffer. Check the buffer size to avoid passing an invalid
> -+ * pointer to xmlDictLookup.
> -+ */
> -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
> -+ "unexpected change of input buffer");
> -+ return (NULL);
> -+ }
> - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
> -new file mode 100644
> -index 0000000..da15c3f
> ---- /dev/null
> -+++ b/result/errors10/781205.xml.err
> -@@ -0,0 +1,21 @@
> -+Entity: line 1: parser error : internal error: xmlParseInternalSubset:
> error detected in Markup declaration
> -+
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+Entity: line 1: parser error : DOCTYPE improperly terminated
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+namespace error : Failed to parse QName ':0000'
> -+ %a;
> -+ ^
> -+<:0000
> -+ ^
> -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start
> Tag :0000 line 1
> -+
> -+^
> -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
> -new file mode 100644
> -index 0000000..655f41a
> ---- /dev/null
> -+++ b/result/errors10/781361.xml.err
> -@@ -0,0 +1,13 @@
> -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY',
> 'ANY' or '(' expected
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : internal error:
> xmlParseInternalSubset: error detected in Markup declaration
> -+
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
> -+
> -+^
> -diff --git a/result/valid/766956.xml b/result/valid/766956.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
> -new file mode 100644
> -index 0000000..34b1dae
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err
> -@@ -0,0 +1,9 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
> -new file mode 100644
> -index 0000000..7760346
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err.rdr
> -@@ -0,0 +1,10 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -+./test/valid/766956.xml : failed to parse
> -diff --git a/runtest.c b/runtest.c
> -index bb74d2a..63e8c20 100644
> ---- a/runtest.c
> -+++ b/runtest.c
> -@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
> - { "Error cases regression tests",
> - errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
> - 0 },
> -+ { "Error cases regression tests (old 1.0)",
> -+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
> -+ XML_PARSE_OLD10 },
> - #ifdef LIBXML_READER_ENABLED
> - { "Error cases stream regression tests",
> - streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
> -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
> -new file mode 100644
> -index 0000000..d9e9e83
> ---- /dev/null
> -+++ b/test/errors10/781205.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE D [
> -+ <!ENTITY % a "<:0000">
> -+ %a;
> -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
> -new file mode 100644
> -index 0000000..67476bc
> ---- /dev/null
> -+++ b/test/errors10/781361.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE doc [
> -+ <!ENTITY % elem "<!ELEMENT e0000000000">
> -+ %elem;
> -diff --git a/test/valid/766956.xml b/test/valid/766956.xml
> -new file mode 100644
> -index 0000000..19a95a0
> ---- /dev/null
> -+++ b/test/valid/766956.xml
> -@@ -0,0 +1,2 @@
> -+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
> -+<test/>
> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
> -new file mode 100644
> -index 0000000..dddde68
> ---- /dev/null
> -+++ b/test/valid/dtds/766956.dtd
> -@@ -0,0 +1,2 @@
> -+<!ENTITY % ent "value">
> -+%ä%ent;
> diff --git
> a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> deleted file mode 100644
> index c60e32f..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> +++ /dev/null
> @@ -1,45 +0,0 @@
> -libxml2-2.9.4: Fix more NULL pointer derefs
> -
> -xpointer: Fix more NULL pointer derefs
> -
> -Upstream-Status: Backport
> [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd
> <https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd>]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com
> <mailto:pascal.bach@siemens.com>>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..074db24 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start,
> xmlXPathObjectPtr end) {
> - /*
> - * Empty set ...
> - */
> -- if (end->nodesetval->nodeNr <= 0)
> -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
> - return(NULL);
> - break;
> - default:
> -@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
> - */
> - xmlNodeSetPtr set;
> - set = tmp->nodesetval;
> -- if ((set->nodeNr != 1) ||
> -+ if ((set == NULL) || (set->nodeNr != 1) ||
> - (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
> - stack++;
> - } else
> -@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt,
> int nargs) {
> - xmlXPathFreeObject(set);
> - XP_ERROR(XPATH_MEMORY_ERROR);
> - }
> -- for (i = 0;i < oldset->locNr;i++) {
> -- xmlXPtrLocationSetAdd(newset,
> -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ if (oldset != NULL) {
> -+ for (i = 0;i < oldset->locNr;i++) {
> -+ xmlXPtrLocationSetAdd(newset,
> -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ }
> - }
> -
> - /*
> diff --git
> a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> deleted file mode 100644
> index faa5770..0000000
> ---
> a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> +++ /dev/null
> @@ -1,590 +0,0 @@
> -libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
> -
> -[No upstream tracking]
> -
> -parser: Avoid reparsing in xmlParseStartTag2
> -
> -The code in xmlParseStartTag2 must handle the case that the input
> -buffer was grown and reallocated which can invalidate pointers to
> -attribute values. Before, this was handled by detecting changes of
> -the input buffer "base" pointer and, in case of a change, jumping
> -back to the beginning of the function and reparsing the start tag.
> -
> -The major problem of this approach is that whether an input buffer is
> -reallocated is nondeterministic, resulting in seemingly random test
> -failures. See the mailing list thread "runtest mystery bug: name2.xml
> -error case regression test" from 2012, for example.
> -
> -If a reallocation was detected, the code also made no attempts to
> -continue parsing in case of errors which makes a difference in
> -the lax "recover" mode.
> -
> -Now we store the current input buffer "base" pointer for each (not
> -separately allocated) attribute in the namespace URI field, which isn't
> -used until later. After the whole start tag was parsed, the pointers to
> -the attribute values are reconstructed using the offset between the
> -new and the old input buffer. This relies on arithmetic on dangling
> -pointers which is technically undefined behavior. But it seems like
> -the easiest and most efficient fix and a similar approach is used in
> -xmlParserInputGrow.
> -
> -This changes the error output of several tests, typically making it
> -more verbose because we try harder to continue parsing in case of errors.
> -
> -(Another possible solution is to check not only the "base" pointer
> -but the size of the input buffer as well. But this would result in
> -even more reparsing.)
> -
> -Remove some goto labels and deduplicate a bit of code after handling
> -namespaces.
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -
> -Upstream-Status: Backport
> - -
> [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349
> <https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349>]
> - -
> [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0
> <https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0>]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -
> -diff --git a/parser.c b/parser.c
> -index 609a270..74016e3 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -43,6 +43,7 @@
> - #include <limits.h>
> - #include <string.h>
> - #include <stdarg.h>
> -+#include <stddef.h>
> - #include <libxml/xmlmemory.h>
> - #include <libxml/threads.h>
> - #include <libxml/globals.h>
> -@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const
> xmlChar **pref,
> - const xmlChar **atts = ctxt->atts;
> - int maxatts = ctxt->maxatts;
> - int nratts, nbatts, nbdef;
> -- int i, j, nbNs, attval, oldline, oldcol, inputNr;
> -- const xmlChar *base;
> -+ int i, j, nbNs, attval;
> - unsigned long cur;
> - int nsNr = ctxt->nsNr;
> -
> -@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const
> xmlChar **pref,
> - * The Shrinking is only possible once the full set of attribute
> - * callbacks have been done.
> - */
> --reparse:
> - SHRINK;
> -- base = ctxt->input->base;
> - cur = ctxt->input->cur - ctxt->input->base;
> -- inputNr = ctxt->inputNr;
> -- oldline = ctxt->input->line;
> -- oldcol = ctxt->input->col;
> - nbatts = 0;
> - nratts = 0;
> - nbdef = 0;
> -@@ -9422,8 +9417,6 @@ reparse:
> - */
> - SKIP_BLANKS;
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -
> - while (((RAW != '>') &&
> - ((RAW != '/') || (NXT(1) != '>')) &&
> -@@ -9434,203 +9427,174 @@ reparse:
> -
> - attname = xmlParseAttribute2(ctxt, prefix, localname,
> - &aprefix, &attvalue, &len, &alloc);
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- goto base_changed;
> -- }
> -- if ((attname != NULL) && (attvalue != NULL)) {
> -- if (len < 0) len = xmlStrlen(attvalue);
> -- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -- xmlURIPtr uri;
> --
> -- if (URL == NULL) {
> -- xmlErrMemory(ctxt, "dictionary allocation failure");
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- return(NULL);
> -- }
> -- if (*URL != 0) {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns: '%s' is not a valid URI\n",
> -- URL, NULL, NULL);
> -- } else {
> -- if (uri->scheme == NULL) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns: URI %s is not absolute\n",
> -- URL, NULL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI cannot be the default namespace\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_default_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_default_ns;
> -- }
> -- }
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, NULL, attname);
> -- else
> -- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> --skip_default_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -- if (aprefix == ctxt->str_xmlns) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -- xmlURIPtr uri;
> --
> -- if (attname == ctxt->str_xml) {
> -- if (URL != ctxt->str_xml_ns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace prefix mapped to wrong URI\n",
> -- NULL, NULL, NULL);
> -- }
> -- /*
> -- * Do not keep a namespace definition node
> -- */
> -- goto skip_ns;
> -- }
> -+ if ((attname == NULL) || (attvalue == NULL))
> -+ goto next_attr;
> -+ if (len < 0) len = xmlStrlen(attvalue);
> -+
> -+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -+ xmlURIPtr uri;
> -+
> -+ if (URL == NULL) {
> -+ xmlErrMemory(ctxt, "dictionary allocation failure");
> -+ if ((attvalue != NULL) && (alloc != 0))
> -+ xmlFree(attvalue);
> -+ return(NULL);
> -+ }
> -+ if (*URL != 0) {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns: '%s' is not a valid URI\n",
> -+ URL, NULL, NULL);
> -+ } else {
> -+ if (uri->scheme == NULL) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns: URI %s is not absolute\n",
> -+ URL, NULL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> - if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI mapped to wrong prefix\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_ns;
> -- }
> -- if (attname == ctxt->str_xmlns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "redefinition of the xmlns prefix is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((URL == NULL) || (URL[0] == 0)) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xmlns:%s: Empty XML namespace is not allowed\n",
> -- attname, NULL, NULL);
> -- goto skip_ns;
> -- } else {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns:%s: '%s' is not a valid URI\n",
> -- attname, URL, NULL);
> -- } else {
> -- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns:%s: URI %s is not absolute\n",
> -- attname, URL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- }
> --
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, aprefix, attname);
> -- else
> -- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> --skip_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI cannot be the default namespace\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, NULL, attname);
> -+ else
> -+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> -+
> -+ } else if (aprefix == ctxt->str_xmlns) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -+ xmlURIPtr uri;
> -+
> -+ if (attname == ctxt->str_xml) {
> -+ if (URL != ctxt->str_xml_ns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace prefix mapped to wrong URI\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ /*
> -+ * Do not keep a namespace definition node
> -+ */
> -+ goto next_attr;
> -+ }
> -+ if (URL == ctxt->str_xml_ns) {
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI mapped to wrong prefix\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if (attname == ctxt->str_xmlns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "redefinition of the xmlns prefix is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((URL == NULL) || (URL[0] == 0)) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xmlns:%s: Empty XML namespace is not allowed\n",
> -+ attname, NULL, NULL);
> -+ goto next_attr;
> -+ } else {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns:%s: '%s' is not a valid URI\n",
> -+ attname, URL, NULL);
> -+ } else {
> -+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns:%s: URI %s is not absolute\n",
> -+ attname, URL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> -+ }
> -
> -- /*
> -- * Add the pair to atts
> -- */
> -- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -- if (attvalue[len] == 0)
> -- xmlFree(attvalue);
> -- goto failed;
> -- }
> -- maxatts = ctxt->maxatts;
> -- atts = ctxt->atts;
> -- }
> -- ctxt->attallocs[nratts++] = alloc;
> -- atts[nbatts++] = attname;
> -- atts[nbatts++] = aprefix;
> -- atts[nbatts++] = NULL; /* the URI will be fetched later */
> -- atts[nbatts++] = attvalue;
> -- attvalue += len;
> -- atts[nbatts++] = attvalue;
> -- /*
> -- * tag if some deallocation is needed
> -- */
> -- if (alloc != 0) attval = 1;
> -- } else {
> -- if ((attvalue != NULL) && (attvalue[len] == 0))
> -- xmlFree(attvalue);
> -- }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, aprefix, attname);
> -+ else
> -+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> -+
> -+ } else {
> -+ /*
> -+ * Add the pair to atts
> -+ */
> -+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -+ goto next_attr;
> -+ }
> -+ maxatts = ctxt->maxatts;
> -+ atts = ctxt->atts;
> -+ }
> -+ ctxt->attallocs[nratts++] = alloc;
> -+ atts[nbatts++] = attname;
> -+ atts[nbatts++] = aprefix;
> -+ /*
> -+ * The namespace URI field is used temporarily to point at the
> -+ * base of the current input buffer for non-alloced attributes.
> -+ * When the input buffer is reallocated, all the pointers become
> -+ * invalid, but they can be reconstructed later.
> -+ */
> -+ if (alloc)
> -+ atts[nbatts++] = NULL;
> -+ else
> -+ atts[nbatts++] = ctxt->input->base;
> -+ atts[nbatts++] = attvalue;
> -+ attvalue += len;
> -+ atts[nbatts++] = attvalue;
> -+ /*
> -+ * tag if some deallocation is needed
> -+ */
> -+ if (alloc != 0) attval = 1;
> -+ attvalue = NULL; /* moved into atts */
> -+ }
> -
> --failed:
> -+next_attr:
> -+ if ((attvalue != NULL) && (alloc != 0)) {
> -+ xmlFree(attvalue);
> -+ attvalue = NULL;
> -+ }
> -
> - GROW
> - if (ctxt->instate == XML_PARSER_EOF)
> - break;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> - if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> - break;
> - if (!IS_BLANK_CH(RAW)) {
> -@@ -9646,8 +9610,20 @@ failed:
> - break;
> - }
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -+ }
> -+
> -+ /* Reconstruct attribute value pointers. */
> -+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
> -+ if (atts[i+2] != NULL) {
> -+ /*
> -+ * Arithmetic on dangling pointers is technically undefined
> -+ * behavior, but well...
> -+ */
> -+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
> -+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
> -+ atts[i+3] += offset; /* value */
> -+ atts[i+4] += offset; /* valuend */
> -+ }
> - }
> -
> - /*
> -@@ -9804,34 +9780,6 @@ failed:
> - }
> -
> - return(localname);
> --
> --base_changed:
> -- /*
> -- * the attribute strings are valid iif the base didn't changed
> -- */
> -- if (attval != 0) {
> -- for (i = 3,j = 0; j < nratts;i += 5,j++)
> -- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
> -- xmlFree((xmlChar *) atts[i]);
> -- }
> --
> -- /*
> -- * We can't switch from one entity to another in the middle
> -- * of a start tag
> -- */
> -- if (inputNr != ctxt->inputNr) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
> -- "Start tag doesn't start and stop in the same entity\n");
> -- return(NULL);
> -- }
> --
> -- ctxt->input->cur = ctxt->input->base + cur;
> -- ctxt->input->line = oldline;
> -- ctxt->input->col = oldcol;
> -- if (ctxt->wellFormed == 1) {
> -- goto reparse;
> -- }
> -- return(NULL);
> - }
> -
> - /**
> -diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
> -index e08d9bf..f6036a3 100644
> ---- a/result/errors/759398.xml.err
> -+++ b/result/errors/759398.xml.err
> -@@ -1,9 +1,12 @@
> - ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
> - need to worry about parsers whi<! don't expand PErefs finding
> - ^
> --./test/errors/759398.xml:309: parser error : Opening and ending tag
> mismatch: spec line 50 and termdef
> -+./test/errors/759398.xml:309: parser error : Opening and ending tag
> mismatch:
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№!
> №№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№â!
> ��№№â
> ��№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№�„!
> �№№�„
> �№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m line 308 and termdef
> - and provide access to their content and structure.</termdef> <termdef
> - ^
> --./test/errors/759398.xml:309: parser error : Extra content at the end of
> the document
> --and provide access to their content and structure.</termdef> <termdef
> -- ^
> -+./test/errors/759398.xml:314: parser error : Opening and ending tag
> mismatch: spec line 50 and p
> -+data and the information it must provide to the application.</p>
> -+ ^
> -+./test/errors/759398.xml:316: parser error : Extra content at the end of
> the document
> -+<div2 id='sec-origin-goals'>
> -+^
> -diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
> -index 4f08538..c4c4fc8 100644
> ---- a/result/errors/attr1.xml.err
> -+++ b/result/errors/attr1.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr1.xml:1: parser error : Extra content at the end of the
> document
> --<foo
> foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/attr1.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag
> foo line 1
> -+
> -+^
> -diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
> -index c8a9c7d..77e342e 100644
> ---- a/result/errors/attr2.xml.err
> -+++ b/result/errors/attr2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr2.xml:1: parser error : Extra content at the end of the
> document
> --<foo
> foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/attr2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag
> foo line 1
> -+
> -+^
> -diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
> -index a6649a1..8a6acee 100644
> ---- a/result/errors/name2.xml.err
> -+++ b/result/errors/name2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/name2.xml:2: parser error : Specification mandate value for
> attribute
> foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
> ooooooooo
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
> ooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -
> - ^
> --./test/errors/name2.xml:1: parser error : Extra content at the end of the
> document
> --<foo
> foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/name2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag
> foo line 1
> -+
> -+^
> diff --git
> a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> deleted file mode 100644
> index 65f6bef..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> +++ /dev/null
> @@ -1,67 +0,0 @@
> -libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL
> pointer deref in XPointer
> -
> -xpath:
> - - Check for errors after evaluating first operand.
> - - Add sanity check for empty stack.
> - - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
> -
> -Upstream-Status: Backport
> - -
> [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
> <https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b>]
> - -
> [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
> <https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8>]
> -CVE: CVE-2016-5131
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com
> <mailto:pascal.bach@siemens.com>>
> -
> -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..d589882
> ---- /dev/null
> -+++ b/result/XPath/xptr/viderror
> -@@ -0,0 +1,4 @@
> -+
> -+========================
> -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
> -+Object is empty (NULL)
> -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..da8c53b
> ---- /dev/null
> -+++ b/test/XPath/xptr/viderror
> -@@ -0,0 +1 @@
> -+xpointer(non-existing-fn()/range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index 113bce6..d992841 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
> - * compute depth to root
> - */
> - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node1)
> -+ if (cur->parent == node1)
> - return(1);
> - depth2++;
> - }
> - root = cur;
> - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node2)
> -+ if (cur->parent == node2)
> - return(-1);
> - depth1++;
> - }
> -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt,
> xmlXPathStepOpPtr op)
> - xmlNodeSetPtr oldset;
> - int i, j;
> -
> -- if (op->ch1 != -1)
> -+ if (op->ch1 != -1) {
> - total +=
> - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
> -+ CHECK_ERROR0;
> -+ }
> -+ if (ctxt->value == NULL) {
> -+ XP_ERROR0(XPATH_INVALID_OPERAND);
> -+ }
> - if (op->ch2 == -1)
> - return (total);
> -
> diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch
> b/meta/recipes-core/libxml/libxml2/runtest.patch
> index 6e56857..cb171d5 100644
> --- a/meta/recipes-core/libxml/libxml2/runtest.patch
> +++ b/meta/recipes-core/libxml/libxml2/runtest.patch
> @@ -2,47 +2,29 @@ Add 'install-ptest' rule.
> Print a standard result line for each test.
>
> Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com
> <mailto:mihaela.sendrea@enea.com>>
> -Signed-off-by: Andrej Valek <andrej.valek@enea.com
> <mailto:andrej.valek@enea.com>>
> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com
> <mailto:andrej.valek@siemens.com>>
> Upstream-Status: Backport
>
> diff -uNr a/Makefile.am b/Makefile.am
> ---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
> -+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
> -@@ -202,10 +202,24 @@
> +--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
> ++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
> +@@ -202,6 +202,15 @@
> #testOOM_DEPENDENCIES = $(DEPS)
> #testOOM_LDADD= $(LDADDS)
>
> +install-ptest:
> + @(if [ -d .libs ] ; then cd .libs; fi; \
> -+ install $(noinst_PROGRAMS) $(DESTDIR))
> ++ install $(check_PROGRAMS) $(DESTDIR))
> + cp -r $(srcdir)/test $(DESTDIR)
> + cp -r $(srcdir)/result $(DESTDIR)
> + cp -r $(srcdir)/python $(DESTDIR)
> + cp Makefile $(DESTDIR)
> + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
> +
> - runtests:
> + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
> + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
> [ -d test ] || $(LN_S) $(srcdir)/test .
> - [ -d result ] || $(LN_S) $(srcdir)/result .
> -- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT)
> &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&&
> $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
> -+ $(CHECKER) ./runtest$(EXEEXT) && \
> -+ $(CHECKER) ./testrecurse$(EXEEXT) && \
> -+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER)
> ./testapi$(EXEEXT) && \
> -+ $(CHECKER) ./testchar$(EXEEXT) && \
> -+ $(CHECKER) ./testdict$(EXEEXT) && \
> -+ $(CHECKER) ./runxmlconf$(EXEEXT)
> - @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
> - $(MAKE) tests ; fi)
> -
> -@@ -229,7 +243,7 @@
> -
> - APItests: testapi$(EXEEXT)
> - @echo "## Running the API regression tests this may take a little while"
> -- -@($(CHECKER) $(top_builddir)/testapi -q)
> -+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER)
> $(top_builddir)/testapi -q)
> -
> - HTMLtests : testHTML$(EXEEXT)
> - @(echo > .memdump)
> +
> diff -uNr a/runsuite.c b/runsuite.c
> --- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
> +++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
> diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb
> <http://libxml2_2.9.4.bb> b/meta/recipes-core/libxml/libxml2_2.9.5.bb
> <http://libxml2_2.9.5.bb>
> similarity index 85%
> rename from meta/recipes-core/libxml/libxml2_2.9.4.bb <http://libxml2_2.9.4.bb>
> rename to meta/recipes-core/libxml/libxml2_2.9.5.bb <http://libxml2_2.9.5.bb>
> index 107539b..16391c3 100644
> --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb <http://libxml2_2.9.4.bb>
> +++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb <http://libxml2_2.9.5.bb>
> @@ -19,21 +19,11 @@ SRC_URI =
> "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar
> <ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar> \
> file://run-ptest \
> file://python-sitepackages-dir.patch \
> file://libxml-m4-use-pkgconfig.patch \
> - file://libxml2-fix_node_comparison.patch \
> - file://libxml2-CVE-2016-5131.patch \
> - file://libxml2-CVE-2016-4658.patch \
> - file://libxml2-fix_NULL_pointer_derefs.patch \
> - file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
> - file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
> - file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
> - file://libxml2-CVE-2017-5969.patch \
> - file://libxml2-CVE-2017-0663.patch \
> - file://libxml2-CVE-2017-8872.patch \
>
> file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
> "
>
> -SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
> -SRC_URI[libtar.sha256sum] =
> "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
> +SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b"
> +SRC_URI[libtar.sha256sum] =
> "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38"
> SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
> SRC_URI[testtar.sha256sum] =
> "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
>
> --
> 2.1.4
>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> <mailto:Openembedded-core@lists.openembedded.org>
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> <http://lists.openembedded.org/mailman/listinfo/openembedded-core>
>
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH v3] libxml2: 2.9.4 -> 2.9.6
2017-09-05 6:35 [PATCH] libxml2: 2.9.4 -> 2.9.5 Andrej Valek
` (2 preceding siblings ...)
2017-09-29 7:08 ` [PATCH v3] " Andrej Valek
@ 2017-10-06 7:27 ` Andrej Valek
2017-10-06 12:11 ` Alexander Kanavin
2017-11-06 7:34 ` Andrej Valek
2017-10-09 6:29 ` [PATCH v4] " Andrej Valek
4 siblings, 2 replies; 24+ messages in thread
From: Andrej Valek @ 2017-10-06 7:27 UTC (permalink / raw)
To: openembedded-core
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 91288 bytes --]
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} | 18 +-
13 files changed, 15 insertions(+), 1723 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} (85%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075d..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
- { "Error cases regression tests",
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
- 0 },
-+ { "Error cases regression tests (old 1.0)",
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+ XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
- { "Error cases stream regression tests",
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- break;
- default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa5770..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- const xmlChar **atts = ctxt->atts;
- int maxatts = ctxt->maxatts;
- int nratts, nbatts, nbdef;
-- int i, j, nbNs, attval, oldline, oldcol, inputNr;
-- const xmlChar *base;
-+ int i, j, nbNs, attval;
- unsigned long cur;
- int nsNr = ctxt->nsNr;
-
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- * The Shrinking is only possible once the full set of attribute
- * callbacks have been done.
- */
--reparse:
- SHRINK;
-- base = ctxt->input->base;
- cur = ctxt->input->cur - ctxt->input->base;
-- inputNr = ctxt->inputNr;
-- oldline = ctxt->input->line;
-- oldcol = ctxt->input->col;
- nbatts = 0;
- nratts = 0;
- nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
- */
- SKIP_BLANKS;
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-
- while (((RAW != '>') &&
- ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
-
- attname = xmlParseAttribute2(ctxt, prefix, localname,
- &aprefix, &attvalue, &len, &alloc);
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- attvalue = NULL;
-- goto base_changed;
-- }
-- if ((attname != NULL) && (attvalue != NULL)) {
-- if (len < 0) len = xmlStrlen(attvalue);
-- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (URL == NULL) {
-- xmlErrMemory(ctxt, "dictionary allocation failure");
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- return(NULL);
-- }
-- if (*URL != 0) {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns: '%s' is not a valid URI\n",
-- URL, NULL, NULL);
-- } else {
-- if (uri->scheme == NULL) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns: URI %s is not absolute\n",
-- URL, NULL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI cannot be the default namespace\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_default_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_default_ns;
-- }
-- }
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, NULL, attname);
-- else
-- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-- if (aprefix == ctxt->str_xmlns) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (attname == ctxt->str_xml) {
-- if (URL != ctxt->str_xml_ns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace prefix mapped to wrong URI\n",
-- NULL, NULL, NULL);
-- }
-- /*
-- * Do not keep a namespace definition node
-- */
-- goto skip_ns;
-- }
-+ if ((attname == NULL) || (attvalue == NULL))
-+ goto next_attr;
-+ if (len < 0) len = xmlStrlen(attvalue);
-+
-+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (URL == NULL) {
-+ xmlErrMemory(ctxt, "dictionary allocation failure");
-+ if ((attvalue != NULL) && (alloc != 0))
-+ xmlFree(attvalue);
-+ return(NULL);
-+ }
-+ if (*URL != 0) {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns: '%s' is not a valid URI\n",
-+ URL, NULL, NULL);
-+ } else {
-+ if (uri->scheme == NULL) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns: URI %s is not absolute\n",
-+ URL, NULL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI mapped to wrong prefix\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_ns;
-- }
-- if (attname == ctxt->str_xmlns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "redefinition of the xmlns prefix is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((URL == NULL) || (URL[0] == 0)) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xmlns:%s: Empty XML namespace is not allowed\n",
-- attname, NULL, NULL);
-- goto skip_ns;
-- } else {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns:%s: '%s' is not a valid URI\n",
-- attname, URL, NULL);
-- } else {
-- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns:%s: URI %s is not absolute\n",
-- attname, URL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- }
--
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, aprefix, attname);
-- else
-- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI cannot be the default namespace\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, NULL, attname);
-+ else
-+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+ } else if (aprefix == ctxt->str_xmlns) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (attname == ctxt->str_xml) {
-+ if (URL != ctxt->str_xml_ns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace prefix mapped to wrong URI\n",
-+ NULL, NULL, NULL);
-+ }
-+ /*
-+ * Do not keep a namespace definition node
-+ */
-+ goto next_attr;
-+ }
-+ if (URL == ctxt->str_xml_ns) {
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI mapped to wrong prefix\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if (attname == ctxt->str_xmlns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "redefinition of the xmlns prefix is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((URL == NULL) || (URL[0] == 0)) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xmlns:%s: Empty XML namespace is not allowed\n",
-+ attname, NULL, NULL);
-+ goto next_attr;
-+ } else {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns:%s: '%s' is not a valid URI\n",
-+ attname, URL, NULL);
-+ } else {
-+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns:%s: URI %s is not absolute\n",
-+ attname, URL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
-+ }
-
-- /*
-- * Add the pair to atts
-- */
-- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-- if (attvalue[len] == 0)
-- xmlFree(attvalue);
-- goto failed;
-- }
-- maxatts = ctxt->maxatts;
-- atts = ctxt->atts;
-- }
-- ctxt->attallocs[nratts++] = alloc;
-- atts[nbatts++] = attname;
-- atts[nbatts++] = aprefix;
-- atts[nbatts++] = NULL; /* the URI will be fetched later */
-- atts[nbatts++] = attvalue;
-- attvalue += len;
-- atts[nbatts++] = attvalue;
-- /*
-- * tag if some deallocation is needed
-- */
-- if (alloc != 0) attval = 1;
-- } else {
-- if ((attvalue != NULL) && (attvalue[len] == 0))
-- xmlFree(attvalue);
-- }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, aprefix, attname);
-+ else
-+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+ } else {
-+ /*
-+ * Add the pair to atts
-+ */
-+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+ goto next_attr;
-+ }
-+ maxatts = ctxt->maxatts;
-+ atts = ctxt->atts;
-+ }
-+ ctxt->attallocs[nratts++] = alloc;
-+ atts[nbatts++] = attname;
-+ atts[nbatts++] = aprefix;
-+ /*
-+ * The namespace URI field is used temporarily to point at the
-+ * base of the current input buffer for non-alloced attributes.
-+ * When the input buffer is reallocated, all the pointers become
-+ * invalid, but they can be reconstructed later.
-+ */
-+ if (alloc)
-+ atts[nbatts++] = NULL;
-+ else
-+ atts[nbatts++] = ctxt->input->base;
-+ atts[nbatts++] = attvalue;
-+ attvalue += len;
-+ atts[nbatts++] = attvalue;
-+ /*
-+ * tag if some deallocation is needed
-+ */
-+ if (alloc != 0) attval = 1;
-+ attvalue = NULL; /* moved into atts */
-+ }
-
--failed:
-+next_attr:
-+ if ((attvalue != NULL) && (alloc != 0)) {
-+ xmlFree(attvalue);
-+ attvalue = NULL;
-+ }
-
- GROW
- if (ctxt->instate == XML_PARSER_EOF)
- break;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- break;
- if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- break;
- }
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-+ }
-+
-+ /* Reconstruct attribute value pointers. */
-+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+ if (atts[i+2] != NULL) {
-+ /*
-+ * Arithmetic on dangling pointers is technically undefined
-+ * behavior, but well...
-+ */
-+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
-+ atts[i+3] += offset; /* value */
-+ atts[i+4] += offset; /* valuend */
-+ }
- }
-
- /*
-@@ -9804,34 +9780,6 @@ failed:
- }
-
- return(localname);
--
--base_changed:
-- /*
-- * the attribute strings are valid iif the base didn't changed
-- */
-- if (attval != 0) {
-- for (i = 3,j = 0; j < nratts;i += 5,j++)
-- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
-- xmlFree((xmlChar *) atts[i]);
-- }
--
-- /*
-- * We can't switch from one entity to another in the middle
-- * of a start tag
-- */
-- if (inputNr != ctxt->inputNr) {
-- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
-- "Start tag doesn't start and stop in the same entity\n");
-- return(NULL);
-- }
--
-- ctxt->input->cur = ctxt->input->base + cur;
-- ctxt->input->line = oldline;
-- ctxt->input->col = oldcol;
-- if (ctxt->wellFormed == 1) {
-- goto reparse;
-- }
-- return(NULL);
- }
-
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
- ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââm line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
- ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
-- ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+ ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857..cb171d5 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,47 +2,29 @@ Add 'install-ptest' rule.
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
+install-ptest:
+ @(if [ -d .libs ] ; then cd .libs; fi; \
-+ install $(noinst_PROGRAMS) $(DESTDIR))
++ install $(check_PROGRAMS) $(DESTDIR))
+ cp -r $(srcdir)/test $(DESTDIR)
+ cp -r $(srcdir)/result $(DESTDIR)
+ cp -r $(srcdir)/python $(DESTDIR)
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
[ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
-- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ $(CHECKER) ./runtest$(EXEEXT) && \
-+ $(CHECKER) ./testrecurse$(EXEEXT) && \
-+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+ $(CHECKER) ./testchar$(EXEEXT) && \
-+ $(CHECKER) ./testdict$(EXEEXT) && \
-+ $(CHECKER) ./runxmlconf$(EXEEXT)
- @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- $(MAKE) tests ; fi)
-
-@@ -229,7 +243,7 @@
-
- APItests: testapi$(EXEEXT)
- @echo "## Running the API regression tests this may take a little while"
-- -@($(CHECKER) $(top_builddir)/testapi -q)
-+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
-
- HTMLtests : testHTML$(EXEEXT)
- @(echo > .memdump)
+
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.6.bb
similarity index 85%
rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
rename to meta/recipes-core/libxml/libxml2_2.9.6.bb
index 107539b..fd4e85a 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.6.bb
@@ -19,21 +19,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
- file://libxml2-fix_node_comparison.patch \
- file://libxml2-CVE-2016-5131.patch \
- file://libxml2-CVE-2016-4658.patch \
- file://libxml2-fix_NULL_pointer_derefs.patch \
- file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
- file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
- file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
- file://libxml2-CVE-2017-5969.patch \
- file://libxml2-CVE-2017-0663.patch \
- file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "dbae8327d8471941bf0472e273473e36"
+SRC_URI[libtar.sha256sum] = "8b9038cca7240e881d462ea391882092dfdc6d4f483f72683e817be08df5ebbc"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
@@ -81,6 +71,10 @@ do_configure_prepend () {
find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
}
+do_compile_ptest() {
+ oe_runmake check-am
+}
+
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
--
2.1.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH v3] libxml2: 2.9.4 -> 2.9.6
2017-10-06 7:27 ` [PATCH v3] libxml2: 2.9.4 -> 2.9.6 Andrej Valek
@ 2017-10-06 12:11 ` Alexander Kanavin
2017-10-06 13:19 ` Andrej Valek
2017-11-06 7:34 ` Andrej Valek
1 sibling, 1 reply; 24+ messages in thread
From: Alexander Kanavin @ 2017-10-06 12:11 UTC (permalink / raw)
To: Andrej Valek, openembedded-core
On 10/06/2017 10:27 AM, Andrej Valek wrote:
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> ---
> .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
> .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
> .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
> .../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
> .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
> .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
> .../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
> .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
> .../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
> ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
> .../libxml2/libxml2-fix_node_comparison.patch | 67 ---
> meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
> .../libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} | 18 +-
You need to explain why patches are being removed or modified. CVE fixes
are likely backports, but this should not be guessed.
Alex
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v3] libxml2: 2.9.4 -> 2.9.6
2017-10-06 12:11 ` Alexander Kanavin
@ 2017-10-06 13:19 ` Andrej Valek
2017-10-06 13:59 ` Alexander Kanavin
0 siblings, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-10-06 13:19 UTC (permalink / raw)
To: Alexander Kanavin, Burton, Ross, openembedded-core
It is continue in discussion from thread
(http://lists.openembedded.org/pipermail/openembedded-core/2017-September/142891.html).
For the explanation CVE-* fx-* patches have been removed due to
backports. Ptest patch has been modified to adapt new changes in sources.
I have also updated a PR.
Andrej
On 10/06/2017 02:11 PM, Alexander Kanavin wrote:
> On 10/06/2017 10:27 AM, Andrej Valek wrote:
>> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
>> ---
>> .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
>> .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
>> .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
>> .../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
>> .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
>> .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
>> .../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
>> .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
>> .../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
>> ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
>> .../libxml2/libxml2-fix_node_comparison.patch | 67 ---
>> meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
>> .../libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} | 18 +-
>
> You need to explain why patches are being removed or modified. CVE fixes
> are likely backports, but this should not be guessed.
>
> Alex
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v3] libxml2: 2.9.4 -> 2.9.6
2017-10-06 13:19 ` Andrej Valek
@ 2017-10-06 13:59 ` Alexander Kanavin
0 siblings, 0 replies; 24+ messages in thread
From: Alexander Kanavin @ 2017-10-06 13:59 UTC (permalink / raw)
To: Andrej Valek, Burton, Ross, openembedded-core
On 10/06/2017 04:19 PM, Andrej Valek wrote:
> It is continue in discussion from thread
> (http://lists.openembedded.org/pipermail/openembedded-core/2017-September/142891.html).
>
> For the explanation CVE-* fx-* patches have been removed due to
> backports. Ptest patch has been modified to adapt new changes in sources.
What I meant is that you need to put this information into the commit
message itself. Be generous with it; the more it contains, the better.
Alex
^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH v4] libxml2: 2.9.4 -> 2.9.6
2017-09-05 6:35 [PATCH] libxml2: 2.9.4 -> 2.9.5 Andrej Valek
` (3 preceding siblings ...)
2017-10-06 7:27 ` [PATCH v3] libxml2: 2.9.4 -> 2.9.6 Andrej Valek
@ 2017-10-09 6:29 ` Andrej Valek
2017-10-31 7:03 ` [PATCH v5] " Andrej Valek
2017-11-03 7:12 ` [PATCH v6] libxml2: 2.9.4 -> 2.9.7 Andrej Valek
4 siblings, 2 replies; 24+ messages in thread
From: Andrej Valek @ 2017-10-09 6:29 UTC (permalink / raw)
To: openembedded-core
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 91391 bytes --]
- remove backported patches (CVE-* and fix-*)
- adapt changes from 2.9.5+ version into ptest patch
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} | 18 +-
13 files changed, 15 insertions(+), 1723 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} (86%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075d..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
- { "Error cases regression tests",
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
- 0 },
-+ { "Error cases regression tests (old 1.0)",
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+ XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
- { "Error cases stream regression tests",
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- break;
- default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa5770..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- const xmlChar **atts = ctxt->atts;
- int maxatts = ctxt->maxatts;
- int nratts, nbatts, nbdef;
-- int i, j, nbNs, attval, oldline, oldcol, inputNr;
-- const xmlChar *base;
-+ int i, j, nbNs, attval;
- unsigned long cur;
- int nsNr = ctxt->nsNr;
-
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- * The Shrinking is only possible once the full set of attribute
- * callbacks have been done.
- */
--reparse:
- SHRINK;
-- base = ctxt->input->base;
- cur = ctxt->input->cur - ctxt->input->base;
-- inputNr = ctxt->inputNr;
-- oldline = ctxt->input->line;
-- oldcol = ctxt->input->col;
- nbatts = 0;
- nratts = 0;
- nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
- */
- SKIP_BLANKS;
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-
- while (((RAW != '>') &&
- ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
-
- attname = xmlParseAttribute2(ctxt, prefix, localname,
- &aprefix, &attvalue, &len, &alloc);
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- attvalue = NULL;
-- goto base_changed;
-- }
-- if ((attname != NULL) && (attvalue != NULL)) {
-- if (len < 0) len = xmlStrlen(attvalue);
-- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (URL == NULL) {
-- xmlErrMemory(ctxt, "dictionary allocation failure");
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- return(NULL);
-- }
-- if (*URL != 0) {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns: '%s' is not a valid URI\n",
-- URL, NULL, NULL);
-- } else {
-- if (uri->scheme == NULL) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns: URI %s is not absolute\n",
-- URL, NULL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI cannot be the default namespace\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_default_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_default_ns;
-- }
-- }
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, NULL, attname);
-- else
-- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-- if (aprefix == ctxt->str_xmlns) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (attname == ctxt->str_xml) {
-- if (URL != ctxt->str_xml_ns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace prefix mapped to wrong URI\n",
-- NULL, NULL, NULL);
-- }
-- /*
-- * Do not keep a namespace definition node
-- */
-- goto skip_ns;
-- }
-+ if ((attname == NULL) || (attvalue == NULL))
-+ goto next_attr;
-+ if (len < 0) len = xmlStrlen(attvalue);
-+
-+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (URL == NULL) {
-+ xmlErrMemory(ctxt, "dictionary allocation failure");
-+ if ((attvalue != NULL) && (alloc != 0))
-+ xmlFree(attvalue);
-+ return(NULL);
-+ }
-+ if (*URL != 0) {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns: '%s' is not a valid URI\n",
-+ URL, NULL, NULL);
-+ } else {
-+ if (uri->scheme == NULL) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns: URI %s is not absolute\n",
-+ URL, NULL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI mapped to wrong prefix\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_ns;
-- }
-- if (attname == ctxt->str_xmlns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "redefinition of the xmlns prefix is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((URL == NULL) || (URL[0] == 0)) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xmlns:%s: Empty XML namespace is not allowed\n",
-- attname, NULL, NULL);
-- goto skip_ns;
-- } else {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns:%s: '%s' is not a valid URI\n",
-- attname, URL, NULL);
-- } else {
-- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns:%s: URI %s is not absolute\n",
-- attname, URL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- }
--
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, aprefix, attname);
-- else
-- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI cannot be the default namespace\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, NULL, attname);
-+ else
-+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+ } else if (aprefix == ctxt->str_xmlns) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (attname == ctxt->str_xml) {
-+ if (URL != ctxt->str_xml_ns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace prefix mapped to wrong URI\n",
-+ NULL, NULL, NULL);
-+ }
-+ /*
-+ * Do not keep a namespace definition node
-+ */
-+ goto next_attr;
-+ }
-+ if (URL == ctxt->str_xml_ns) {
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI mapped to wrong prefix\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if (attname == ctxt->str_xmlns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "redefinition of the xmlns prefix is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((URL == NULL) || (URL[0] == 0)) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xmlns:%s: Empty XML namespace is not allowed\n",
-+ attname, NULL, NULL);
-+ goto next_attr;
-+ } else {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns:%s: '%s' is not a valid URI\n",
-+ attname, URL, NULL);
-+ } else {
-+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns:%s: URI %s is not absolute\n",
-+ attname, URL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
-+ }
-
-- /*
-- * Add the pair to atts
-- */
-- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-- if (attvalue[len] == 0)
-- xmlFree(attvalue);
-- goto failed;
-- }
-- maxatts = ctxt->maxatts;
-- atts = ctxt->atts;
-- }
-- ctxt->attallocs[nratts++] = alloc;
-- atts[nbatts++] = attname;
-- atts[nbatts++] = aprefix;
-- atts[nbatts++] = NULL; /* the URI will be fetched later */
-- atts[nbatts++] = attvalue;
-- attvalue += len;
-- atts[nbatts++] = attvalue;
-- /*
-- * tag if some deallocation is needed
-- */
-- if (alloc != 0) attval = 1;
-- } else {
-- if ((attvalue != NULL) && (attvalue[len] == 0))
-- xmlFree(attvalue);
-- }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, aprefix, attname);
-+ else
-+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+ } else {
-+ /*
-+ * Add the pair to atts
-+ */
-+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+ goto next_attr;
-+ }
-+ maxatts = ctxt->maxatts;
-+ atts = ctxt->atts;
-+ }
-+ ctxt->attallocs[nratts++] = alloc;
-+ atts[nbatts++] = attname;
-+ atts[nbatts++] = aprefix;
-+ /*
-+ * The namespace URI field is used temporarily to point at the
-+ * base of the current input buffer for non-alloced attributes.
-+ * When the input buffer is reallocated, all the pointers become
-+ * invalid, but they can be reconstructed later.
-+ */
-+ if (alloc)
-+ atts[nbatts++] = NULL;
-+ else
-+ atts[nbatts++] = ctxt->input->base;
-+ atts[nbatts++] = attvalue;
-+ attvalue += len;
-+ atts[nbatts++] = attvalue;
-+ /*
-+ * tag if some deallocation is needed
-+ */
-+ if (alloc != 0) attval = 1;
-+ attvalue = NULL; /* moved into atts */
-+ }
-
--failed:
-+next_attr:
-+ if ((attvalue != NULL) && (alloc != 0)) {
-+ xmlFree(attvalue);
-+ attvalue = NULL;
-+ }
-
- GROW
- if (ctxt->instate == XML_PARSER_EOF)
- break;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- break;
- if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- break;
- }
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-+ }
-+
-+ /* Reconstruct attribute value pointers. */
-+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+ if (atts[i+2] != NULL) {
-+ /*
-+ * Arithmetic on dangling pointers is technically undefined
-+ * behavior, but well...
-+ */
-+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
-+ atts[i+3] += offset; /* value */
-+ atts[i+4] += offset; /* valuend */
-+ }
- }
-
- /*
-@@ -9804,34 +9780,6 @@ failed:
- }
-
- return(localname);
--
--base_changed:
-- /*
-- * the attribute strings are valid iif the base didn't changed
-- */
-- if (attval != 0) {
-- for (i = 3,j = 0; j < nratts;i += 5,j++)
-- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
-- xmlFree((xmlChar *) atts[i]);
-- }
--
-- /*
-- * We can't switch from one entity to another in the middle
-- * of a start tag
-- */
-- if (inputNr != ctxt->inputNr) {
-- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
-- "Start tag doesn't start and stop in the same entity\n");
-- return(NULL);
-- }
--
-- ctxt->input->cur = ctxt->input->base + cur;
-- ctxt->input->line = oldline;
-- ctxt->input->col = oldcol;
-- if (ctxt->wellFormed == 1) {
-- goto reparse;
-- }
-- return(NULL);
- }
-
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
- ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââm line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
- ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
-- ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+ ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857..cb171d5 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,47 +2,29 @@ Add 'install-ptest' rule.
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
+install-ptest:
+ @(if [ -d .libs ] ; then cd .libs; fi; \
-+ install $(noinst_PROGRAMS) $(DESTDIR))
++ install $(check_PROGRAMS) $(DESTDIR))
+ cp -r $(srcdir)/test $(DESTDIR)
+ cp -r $(srcdir)/result $(DESTDIR)
+ cp -r $(srcdir)/python $(DESTDIR)
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
[ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
-- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ $(CHECKER) ./runtest$(EXEEXT) && \
-+ $(CHECKER) ./testrecurse$(EXEEXT) && \
-+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+ $(CHECKER) ./testchar$(EXEEXT) && \
-+ $(CHECKER) ./testdict$(EXEEXT) && \
-+ $(CHECKER) ./runxmlconf$(EXEEXT)
- @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- $(MAKE) tests ; fi)
-
-@@ -229,7 +243,7 @@
-
- APItests: testapi$(EXEEXT)
- @echo "## Running the API regression tests this may take a little while"
-- -@($(CHECKER) $(top_builddir)/testapi -q)
-+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
-
- HTMLtests : testHTML$(EXEEXT)
- @(echo > .memdump)
+
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.6.bb
similarity index 86%
rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
rename to meta/recipes-core/libxml/libxml2_2.9.6.bb
index ec2d25a..6b294f7 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.6.bb
@@ -19,21 +19,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
- file://libxml2-fix_node_comparison.patch \
- file://libxml2-CVE-2016-5131.patch \
- file://libxml2-CVE-2016-4658.patch \
- file://libxml2-fix_NULL_pointer_derefs.patch \
- file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
- file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
- file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
- file://libxml2-CVE-2017-5969.patch \
- file://libxml2-CVE-2017-0663.patch \
- file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "dbae8327d8471941bf0472e273473e36"
+SRC_URI[libtar.sha256sum] = "8b9038cca7240e881d462ea391882092dfdc6d4f483f72683e817be08df5ebbc"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
@@ -81,6 +71,10 @@ do_configure_prepend () {
find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
}
+do_compile_ptest() {
+ oe_runmake check-am
+}
+
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
--
2.1.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH v5] libxml2: 2.9.4 -> 2.9.6
2017-10-09 6:29 ` [PATCH v4] " Andrej Valek
@ 2017-10-31 7:03 ` Andrej Valek
2017-11-03 7:12 ` [PATCH v6] libxml2: 2.9.4 -> 2.9.7 Andrej Valek
1 sibling, 0 replies; 24+ messages in thread
From: Andrej Valek @ 2017-10-31 7:03 UTC (permalink / raw)
To: openembedded-core
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 91396 bytes --]
- remove backported patches (CVE-* and fix-*)
- adapt changes from 2.9.5+ version into ptest patch
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} | 18 +-
13 files changed, 15 insertions(+), 1723 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} (86%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075d..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
- { "Error cases regression tests",
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
- 0 },
-+ { "Error cases regression tests (old 1.0)",
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+ XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
- { "Error cases stream regression tests",
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- break;
- default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa5770..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- const xmlChar **atts = ctxt->atts;
- int maxatts = ctxt->maxatts;
- int nratts, nbatts, nbdef;
-- int i, j, nbNs, attval, oldline, oldcol, inputNr;
-- const xmlChar *base;
-+ int i, j, nbNs, attval;
- unsigned long cur;
- int nsNr = ctxt->nsNr;
-
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- * The Shrinking is only possible once the full set of attribute
- * callbacks have been done.
- */
--reparse:
- SHRINK;
-- base = ctxt->input->base;
- cur = ctxt->input->cur - ctxt->input->base;
-- inputNr = ctxt->inputNr;
-- oldline = ctxt->input->line;
-- oldcol = ctxt->input->col;
- nbatts = 0;
- nratts = 0;
- nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
- */
- SKIP_BLANKS;
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-
- while (((RAW != '>') &&
- ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
-
- attname = xmlParseAttribute2(ctxt, prefix, localname,
- &aprefix, &attvalue, &len, &alloc);
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- attvalue = NULL;
-- goto base_changed;
-- }
-- if ((attname != NULL) && (attvalue != NULL)) {
-- if (len < 0) len = xmlStrlen(attvalue);
-- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (URL == NULL) {
-- xmlErrMemory(ctxt, "dictionary allocation failure");
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- return(NULL);
-- }
-- if (*URL != 0) {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns: '%s' is not a valid URI\n",
-- URL, NULL, NULL);
-- } else {
-- if (uri->scheme == NULL) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns: URI %s is not absolute\n",
-- URL, NULL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI cannot be the default namespace\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_default_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_default_ns;
-- }
-- }
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, NULL, attname);
-- else
-- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-- if (aprefix == ctxt->str_xmlns) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (attname == ctxt->str_xml) {
-- if (URL != ctxt->str_xml_ns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace prefix mapped to wrong URI\n",
-- NULL, NULL, NULL);
-- }
-- /*
-- * Do not keep a namespace definition node
-- */
-- goto skip_ns;
-- }
-+ if ((attname == NULL) || (attvalue == NULL))
-+ goto next_attr;
-+ if (len < 0) len = xmlStrlen(attvalue);
-+
-+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (URL == NULL) {
-+ xmlErrMemory(ctxt, "dictionary allocation failure");
-+ if ((attvalue != NULL) && (alloc != 0))
-+ xmlFree(attvalue);
-+ return(NULL);
-+ }
-+ if (*URL != 0) {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns: '%s' is not a valid URI\n",
-+ URL, NULL, NULL);
-+ } else {
-+ if (uri->scheme == NULL) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns: URI %s is not absolute\n",
-+ URL, NULL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI mapped to wrong prefix\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_ns;
-- }
-- if (attname == ctxt->str_xmlns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "redefinition of the xmlns prefix is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((URL == NULL) || (URL[0] == 0)) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xmlns:%s: Empty XML namespace is not allowed\n",
-- attname, NULL, NULL);
-- goto skip_ns;
-- } else {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns:%s: '%s' is not a valid URI\n",
-- attname, URL, NULL);
-- } else {
-- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns:%s: URI %s is not absolute\n",
-- attname, URL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- }
--
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, aprefix, attname);
-- else
-- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI cannot be the default namespace\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, NULL, attname);
-+ else
-+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+ } else if (aprefix == ctxt->str_xmlns) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (attname == ctxt->str_xml) {
-+ if (URL != ctxt->str_xml_ns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace prefix mapped to wrong URI\n",
-+ NULL, NULL, NULL);
-+ }
-+ /*
-+ * Do not keep a namespace definition node
-+ */
-+ goto next_attr;
-+ }
-+ if (URL == ctxt->str_xml_ns) {
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI mapped to wrong prefix\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if (attname == ctxt->str_xmlns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "redefinition of the xmlns prefix is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((URL == NULL) || (URL[0] == 0)) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xmlns:%s: Empty XML namespace is not allowed\n",
-+ attname, NULL, NULL);
-+ goto next_attr;
-+ } else {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns:%s: '%s' is not a valid URI\n",
-+ attname, URL, NULL);
-+ } else {
-+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns:%s: URI %s is not absolute\n",
-+ attname, URL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
-+ }
-
-- /*
-- * Add the pair to atts
-- */
-- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-- if (attvalue[len] == 0)
-- xmlFree(attvalue);
-- goto failed;
-- }
-- maxatts = ctxt->maxatts;
-- atts = ctxt->atts;
-- }
-- ctxt->attallocs[nratts++] = alloc;
-- atts[nbatts++] = attname;
-- atts[nbatts++] = aprefix;
-- atts[nbatts++] = NULL; /* the URI will be fetched later */
-- atts[nbatts++] = attvalue;
-- attvalue += len;
-- atts[nbatts++] = attvalue;
-- /*
-- * tag if some deallocation is needed
-- */
-- if (alloc != 0) attval = 1;
-- } else {
-- if ((attvalue != NULL) && (attvalue[len] == 0))
-- xmlFree(attvalue);
-- }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, aprefix, attname);
-+ else
-+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+ } else {
-+ /*
-+ * Add the pair to atts
-+ */
-+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+ goto next_attr;
-+ }
-+ maxatts = ctxt->maxatts;
-+ atts = ctxt->atts;
-+ }
-+ ctxt->attallocs[nratts++] = alloc;
-+ atts[nbatts++] = attname;
-+ atts[nbatts++] = aprefix;
-+ /*
-+ * The namespace URI field is used temporarily to point at the
-+ * base of the current input buffer for non-alloced attributes.
-+ * When the input buffer is reallocated, all the pointers become
-+ * invalid, but they can be reconstructed later.
-+ */
-+ if (alloc)
-+ atts[nbatts++] = NULL;
-+ else
-+ atts[nbatts++] = ctxt->input->base;
-+ atts[nbatts++] = attvalue;
-+ attvalue += len;
-+ atts[nbatts++] = attvalue;
-+ /*
-+ * tag if some deallocation is needed
-+ */
-+ if (alloc != 0) attval = 1;
-+ attvalue = NULL; /* moved into atts */
-+ }
-
--failed:
-+next_attr:
-+ if ((attvalue != NULL) && (alloc != 0)) {
-+ xmlFree(attvalue);
-+ attvalue = NULL;
-+ }
-
- GROW
- if (ctxt->instate == XML_PARSER_EOF)
- break;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- break;
- if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- break;
- }
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-+ }
-+
-+ /* Reconstruct attribute value pointers. */
-+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+ if (atts[i+2] != NULL) {
-+ /*
-+ * Arithmetic on dangling pointers is technically undefined
-+ * behavior, but well...
-+ */
-+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
-+ atts[i+3] += offset; /* value */
-+ atts[i+4] += offset; /* valuend */
-+ }
- }
-
- /*
-@@ -9804,34 +9780,6 @@ failed:
- }
-
- return(localname);
--
--base_changed:
-- /*
-- * the attribute strings are valid iif the base didn't changed
-- */
-- if (attval != 0) {
-- for (i = 3,j = 0; j < nratts;i += 5,j++)
-- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
-- xmlFree((xmlChar *) atts[i]);
-- }
--
-- /*
-- * We can't switch from one entity to another in the middle
-- * of a start tag
-- */
-- if (inputNr != ctxt->inputNr) {
-- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
-- "Start tag doesn't start and stop in the same entity\n");
-- return(NULL);
-- }
--
-- ctxt->input->cur = ctxt->input->base + cur;
-- ctxt->input->line = oldline;
-- ctxt->input->col = oldcol;
-- if (ctxt->wellFormed == 1) {
-- goto reparse;
-- }
-- return(NULL);
- }
-
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
- ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââm line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
- ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
-- ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+ ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857..cb171d5 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,47 +2,29 @@ Add 'install-ptest' rule.
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
+install-ptest:
+ @(if [ -d .libs ] ; then cd .libs; fi; \
-+ install $(noinst_PROGRAMS) $(DESTDIR))
++ install $(check_PROGRAMS) $(DESTDIR))
+ cp -r $(srcdir)/test $(DESTDIR)
+ cp -r $(srcdir)/result $(DESTDIR)
+ cp -r $(srcdir)/python $(DESTDIR)
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
[ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
-- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ $(CHECKER) ./runtest$(EXEEXT) && \
-+ $(CHECKER) ./testrecurse$(EXEEXT) && \
-+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+ $(CHECKER) ./testchar$(EXEEXT) && \
-+ $(CHECKER) ./testdict$(EXEEXT) && \
-+ $(CHECKER) ./runxmlconf$(EXEEXT)
- @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- $(MAKE) tests ; fi)
-
-@@ -229,7 +243,7 @@
-
- APItests: testapi$(EXEEXT)
- @echo "## Running the API regression tests this may take a little while"
-- -@($(CHECKER) $(top_builddir)/testapi -q)
-+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
-
- HTMLtests : testHTML$(EXEEXT)
- @(echo > .memdump)
+
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.6.bb
similarity index 86%
rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
rename to meta/recipes-core/libxml/libxml2_2.9.6.bb
index 9adb29c..67df2ee 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.6.bb
@@ -19,21 +19,11 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
- file://libxml2-fix_node_comparison.patch \
- file://libxml2-CVE-2016-5131.patch \
- file://libxml2-CVE-2016-4658.patch \
- file://libxml2-fix_NULL_pointer_derefs.patch \
- file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
- file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
- file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
- file://libxml2-CVE-2017-5969.patch \
- file://libxml2-CVE-2017-0663.patch \
- file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "dbae8327d8471941bf0472e273473e36"
+SRC_URI[libtar.sha256sum] = "8b9038cca7240e881d462ea391882092dfdc6d4f483f72683e817be08df5ebbc"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
@@ -81,6 +71,10 @@ do_configure_prepend () {
find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
}
+do_compile_ptest() {
+ oe_runmake check-am
+}
+
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
--
2.1.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH v6] libxml2: 2.9.4 -> 2.9.7
2017-10-09 6:29 ` [PATCH v4] " Andrej Valek
2017-10-31 7:03 ` [PATCH v5] " Andrej Valek
@ 2017-11-03 7:12 ` Andrej Valek
2017-11-06 7:37 ` Andrej Valek
1 sibling, 1 reply; 24+ messages in thread
From: Andrej Valek @ 2017-11-03 7:12 UTC (permalink / raw)
To: openembedded-core
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 91396 bytes --]
- remove backported patches (CVE-* and fix-*)
- adapt changes from 2.9.5+ version into ptest patch
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.7.bb} | 18 +-
13 files changed, 15 insertions(+), 1723 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.7.bb} (86%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppp:lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll!
lllllllll
lllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075d..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
- { "Error cases regression tests",
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
- 0 },
-+ { "Error cases regression tests (old 1.0)",
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+ XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
- { "Error cases stream regression tests",
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- break;
- default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa5770..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- const xmlChar **atts = ctxt->atts;
- int maxatts = ctxt->maxatts;
- int nratts, nbatts, nbdef;
-- int i, j, nbNs, attval, oldline, oldcol, inputNr;
-- const xmlChar *base;
-+ int i, j, nbNs, attval;
- unsigned long cur;
- int nsNr = ctxt->nsNr;
-
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
- * The Shrinking is only possible once the full set of attribute
- * callbacks have been done.
- */
--reparse:
- SHRINK;
-- base = ctxt->input->base;
- cur = ctxt->input->cur - ctxt->input->base;
-- inputNr = ctxt->inputNr;
-- oldline = ctxt->input->line;
-- oldcol = ctxt->input->col;
- nbatts = 0;
- nratts = 0;
- nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
- */
- SKIP_BLANKS;
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-
- while (((RAW != '>') &&
- ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
-
- attname = xmlParseAttribute2(ctxt, prefix, localname,
- &aprefix, &attvalue, &len, &alloc);
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- attvalue = NULL;
-- goto base_changed;
-- }
-- if ((attname != NULL) && (attvalue != NULL)) {
-- if (len < 0) len = xmlStrlen(attvalue);
-- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (URL == NULL) {
-- xmlErrMemory(ctxt, "dictionary allocation failure");
-- if ((attvalue != NULL) && (alloc != 0))
-- xmlFree(attvalue);
-- return(NULL);
-- }
-- if (*URL != 0) {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns: '%s' is not a valid URI\n",
-- URL, NULL, NULL);
-- } else {
-- if (uri->scheme == NULL) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns: URI %s is not absolute\n",
-- URL, NULL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI cannot be the default namespace\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_default_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_default_ns;
-- }
-- }
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, NULL, attname);
-- else
-- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-- if (aprefix == ctxt->str_xmlns) {
-- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-- xmlURIPtr uri;
--
-- if (attname == ctxt->str_xml) {
-- if (URL != ctxt->str_xml_ns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace prefix mapped to wrong URI\n",
-- NULL, NULL, NULL);
-- }
-- /*
-- * Do not keep a namespace definition node
-- */
-- goto skip_ns;
-- }
-+ if ((attname == NULL) || (attvalue == NULL))
-+ goto next_attr;
-+ if (len < 0) len = xmlStrlen(attvalue);
-+
-+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (URL == NULL) {
-+ xmlErrMemory(ctxt, "dictionary allocation failure");
-+ if ((attvalue != NULL) && (alloc != 0))
-+ xmlFree(attvalue);
-+ return(NULL);
-+ }
-+ if (*URL != 0) {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns: '%s' is not a valid URI\n",
-+ URL, NULL, NULL);
-+ } else {
-+ if (uri->scheme == NULL) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns: URI %s is not absolute\n",
-+ URL, NULL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
- if (URL == ctxt->str_xml_ns) {
-- if (attname != ctxt->str_xml) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xml namespace URI mapped to wrong prefix\n",
-- NULL, NULL, NULL);
-- }
-- goto skip_ns;
-- }
-- if (attname == ctxt->str_xmlns) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "redefinition of the xmlns prefix is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((len == 29) &&
-- (xmlStrEqual(URL,
-- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "reuse of the xmlns namespace name is forbidden\n",
-- NULL, NULL, NULL);
-- goto skip_ns;
-- }
-- if ((URL == NULL) || (URL[0] == 0)) {
-- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-- "xmlns:%s: Empty XML namespace is not allowed\n",
-- attname, NULL, NULL);
-- goto skip_ns;
-- } else {
-- uri = xmlParseURI((const char *) URL);
-- if (uri == NULL) {
-- xmlNsErr(ctxt, XML_WAR_NS_URI,
-- "xmlns:%s: '%s' is not a valid URI\n",
-- attname, URL, NULL);
-- } else {
-- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-- "xmlns:%s: URI %s is not absolute\n",
-- attname, URL, NULL);
-- }
-- xmlFreeURI(uri);
-- }
-- }
--
-- /*
-- * check that it's not a defined namespace
-- */
-- for (j = 1;j <= nbNs;j++)
-- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-- break;
-- if (j <= nbNs)
-- xmlErrAttributeDup(ctxt, aprefix, attname);
-- else
-- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
-- if ((attvalue != NULL) && (alloc != 0)) {
-- xmlFree(attvalue);
-- attvalue = NULL;
-- }
-- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
-- break;
-- if (!IS_BLANK_CH(RAW)) {
-- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
-- "attributes construct error\n");
-- break;
-- }
-- SKIP_BLANKS;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-- continue;
-- }
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI cannot be the default namespace\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, NULL, attname);
-+ else
-+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+ } else if (aprefix == ctxt->str_xmlns) {
-+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+ xmlURIPtr uri;
-+
-+ if (attname == ctxt->str_xml) {
-+ if (URL != ctxt->str_xml_ns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace prefix mapped to wrong URI\n",
-+ NULL, NULL, NULL);
-+ }
-+ /*
-+ * Do not keep a namespace definition node
-+ */
-+ goto next_attr;
-+ }
-+ if (URL == ctxt->str_xml_ns) {
-+ if (attname != ctxt->str_xml) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xml namespace URI mapped to wrong prefix\n",
-+ NULL, NULL, NULL);
-+ }
-+ goto next_attr;
-+ }
-+ if (attname == ctxt->str_xmlns) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "redefinition of the xmlns prefix is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((len == 29) &&
-+ (xmlStrEqual(URL,
-+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "reuse of the xmlns namespace name is forbidden\n",
-+ NULL, NULL, NULL);
-+ goto next_attr;
-+ }
-+ if ((URL == NULL) || (URL[0] == 0)) {
-+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+ "xmlns:%s: Empty XML namespace is not allowed\n",
-+ attname, NULL, NULL);
-+ goto next_attr;
-+ } else {
-+ uri = xmlParseURI((const char *) URL);
-+ if (uri == NULL) {
-+ xmlNsErr(ctxt, XML_WAR_NS_URI,
-+ "xmlns:%s: '%s' is not a valid URI\n",
-+ attname, URL, NULL);
-+ } else {
-+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+ "xmlns:%s: URI %s is not absolute\n",
-+ attname, URL, NULL);
-+ }
-+ xmlFreeURI(uri);
-+ }
-+ }
-
-- /*
-- * Add the pair to atts
-- */
-- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-- if (attvalue[len] == 0)
-- xmlFree(attvalue);
-- goto failed;
-- }
-- maxatts = ctxt->maxatts;
-- atts = ctxt->atts;
-- }
-- ctxt->attallocs[nratts++] = alloc;
-- atts[nbatts++] = attname;
-- atts[nbatts++] = aprefix;
-- atts[nbatts++] = NULL; /* the URI will be fetched later */
-- atts[nbatts++] = attvalue;
-- attvalue += len;
-- atts[nbatts++] = attvalue;
-- /*
-- * tag if some deallocation is needed
-- */
-- if (alloc != 0) attval = 1;
-- } else {
-- if ((attvalue != NULL) && (attvalue[len] == 0))
-- xmlFree(attvalue);
-- }
-+ /*
-+ * check that it's not a defined namespace
-+ */
-+ for (j = 1;j <= nbNs;j++)
-+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+ break;
-+ if (j <= nbNs)
-+ xmlErrAttributeDup(ctxt, aprefix, attname);
-+ else
-+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+ } else {
-+ /*
-+ * Add the pair to atts
-+ */
-+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+ goto next_attr;
-+ }
-+ maxatts = ctxt->maxatts;
-+ atts = ctxt->atts;
-+ }
-+ ctxt->attallocs[nratts++] = alloc;
-+ atts[nbatts++] = attname;
-+ atts[nbatts++] = aprefix;
-+ /*
-+ * The namespace URI field is used temporarily to point at the
-+ * base of the current input buffer for non-alloced attributes.
-+ * When the input buffer is reallocated, all the pointers become
-+ * invalid, but they can be reconstructed later.
-+ */
-+ if (alloc)
-+ atts[nbatts++] = NULL;
-+ else
-+ atts[nbatts++] = ctxt->input->base;
-+ atts[nbatts++] = attvalue;
-+ attvalue += len;
-+ atts[nbatts++] = attvalue;
-+ /*
-+ * tag if some deallocation is needed
-+ */
-+ if (alloc != 0) attval = 1;
-+ attvalue = NULL; /* moved into atts */
-+ }
-
--failed:
-+next_attr:
-+ if ((attvalue != NULL) && (alloc != 0)) {
-+ xmlFree(attvalue);
-+ attvalue = NULL;
-+ }
-
- GROW
- if (ctxt->instate == XML_PARSER_EOF)
- break;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- break;
- if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- break;
- }
- GROW;
-- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
-- goto base_changed;
-+ }
-+
-+ /* Reconstruct attribute value pointers. */
-+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+ if (atts[i+2] != NULL) {
-+ /*
-+ * Arithmetic on dangling pointers is technically undefined
-+ * behavior, but well...
-+ */
-+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
-+ atts[i+3] += offset; /* value */
-+ atts[i+4] += offset; /* valuend */
-+ }
- }
-
- /*
-@@ -9804,34 +9780,6 @@ failed:
- }
-
- return(localname);
--
--base_changed:
-- /*
-- * the attribute strings are valid iif the base didn't changed
-- */
-- if (attval != 0) {
-- for (i = 3,j = 0; j < nratts;i += 5,j++)
-- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
-- xmlFree((xmlChar *) atts[i]);
-- }
--
-- /*
-- * We can't switch from one entity to another in the middle
-- * of a start tag
-- */
-- if (inputNr != ctxt->inputNr) {
-- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
-- "Start tag doesn't start and stop in the same entity\n");
-- return(NULL);
-- }
--
-- ctxt->input->cur = ctxt->input->base + cur;
-- ctxt->input->line = oldline;
-- ctxt->input->col = oldcol;
-- if (ctxt->wellFormed == 1) {
-- goto reparse;
-- }
-- return(NULL);
- }
-
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
- ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ!
âââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââm line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
- ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
-- ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+ ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
-
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
ooooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857..cb171d5 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,47 +2,29 @@ Add 'install-ptest' rule.
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
+install-ptest:
+ @(if [ -d .libs ] ; then cd .libs; fi; \
-+ install $(noinst_PROGRAMS) $(DESTDIR))
++ install $(check_PROGRAMS) $(DESTDIR))
+ cp -r $(srcdir)/test $(DESTDIR)
+ cp -r $(srcdir)/result $(DESTDIR)
+ cp -r $(srcdir)/python $(DESTDIR)
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
[ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
-- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ $(CHECKER) ./runtest$(EXEEXT) && \
-+ $(CHECKER) ./testrecurse$(EXEEXT) && \
-+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+ $(CHECKER) ./testchar$(EXEEXT) && \
-+ $(CHECKER) ./testdict$(EXEEXT) && \
-+ $(CHECKER) ./runxmlconf$(EXEEXT)
- @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- $(MAKE) tests ; fi)
-
-@@ -229,7 +243,7 @@
-
- APItests: testapi$(EXEEXT)
- @echo "## Running the API regression tests this may take a little while"
-- -@($(CHECKER) $(top_builddir)/testapi -q)
-+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
-
- HTMLtests : testHTML$(EXEEXT)
- @(echo > .memdump)
+
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.7.bb
similarity index 86%
rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
rename to meta/recipes-core/libxml/libxml2_2.9.7.bb
index 9adb29c..996e671 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.7.bb
@@ -19,21 +19,11 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
- file://libxml2-fix_node_comparison.patch \
- file://libxml2-CVE-2016-5131.patch \
- file://libxml2-CVE-2016-4658.patch \
- file://libxml2-fix_NULL_pointer_derefs.patch \
- file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
- file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
- file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
- file://libxml2-CVE-2017-5969.patch \
- file://libxml2-CVE-2017-0663.patch \
- file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "896608641a08b465098a40ddf51cefba"
+SRC_URI[libtar.sha256sum] = "f63c5e7d30362ed28b38bfa1ac6313f9a80230720b7fb6c80575eeab3ff5900c"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
@@ -81,6 +71,10 @@ do_configure_prepend () {
find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
}
+do_compile_ptest() {
+ oe_runmake check-am
+}
+
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
--
2.1.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH v3] libxml2: 2.9.4 -> 2.9.6
2017-10-06 7:27 ` [PATCH v3] libxml2: 2.9.4 -> 2.9.6 Andrej Valek
2017-10-06 12:11 ` Alexander Kanavin
@ 2017-11-06 7:34 ` Andrej Valek
1 sibling, 0 replies; 24+ messages in thread
From: Andrej Valek @ 2017-11-06 7:34 UTC (permalink / raw)
To: openembedded-core
This patch is obsolete, due to merged upgrade to version 2.9.5 .
I have sent the new one, which upgrades version to 2.9.7
http://lists.openembedded.org/pipermail/openembedded-core/2017-November/143973.html
Andrej
On 10/06/2017 09:27 AM, Andrej Valek wrote:
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> ---
> .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
> .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
> .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
> .../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
> .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
> .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
> .../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
> .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
> .../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
> ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
> .../libxml2/libxml2-fix_node_comparison.patch | 67 ---
> meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
> .../libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} | 18 +-
> 13 files changed, 15 insertions(+), 1723 deletions(-)
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.6.bb} (85%)
>
> diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> index 3277165..d9ed151 100644
> --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> @@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
> - echo "*** If you have an old version installed, it is best to remove it, although"
> - echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
> - [ echo "*** The test program failed to compile or link. See the file config.log for the"
> -- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
> +- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
> - echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
> - echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
> - CPPFLAGS="$ac_save_CPPFLAGS"
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> deleted file mode 100644
> index bb55eed..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> +++ /dev/null
> @@ -1,269 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2016-4658
> -
> -[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
> -
> -xpointer: Disallow namespace nodes in XPointer points and ranges
> -
> -Namespace nodes must be copied to avoid use-after-free errors.
> -But they don't necessarily have a physical representation in a
> -document, so simply disallow them in XPointer ranges.
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
> -CVE: CVE-2016-4658
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..911680d 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
> - }
> -
> - /**
> -+ * xmlXPtrNewRangeInternal:
> -+ * @start: the starting node
> -+ * @startindex: the start index
> -+ * @end: the ending point
> -+ * @endindex: the ending index
> -+ *
> -+ * Internal function to create a new xmlXPathObjectPtr of type range
> -+ *
> -+ * Returns the newly created object.
> -+ */
> -+static xmlXPathObjectPtr
> -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
> -+ xmlNodePtr end, int endindex) {
> -+ xmlXPathObjectPtr ret;
> -+
> -+ /*
> -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
> -+ * Disallow them for now.
> -+ */
> -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+
> -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -+ if (ret == NULL) {
> -+ xmlXPtrErrMemory("allocating range");
> -+ return(NULL);
> -+ }
> -+ memset(ret, 0, sizeof(xmlXPathObject));
> -+ ret->type = XPATH_RANGE;
> -+ ret->user = start;
> -+ ret->index = startindex;
> -+ ret->user2 = end;
> -+ ret->index2 = endindex;
> -+ return(ret);
> -+}
> -+
> -+/**
> - * xmlXPtrNewRange:
> - * @start: the starting node
> - * @startindex: the start index
> -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
> - if (endindex < 0)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = startindex;
> -- ret->user2 = end;
> -- ret->index2 = endindex;
> -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
> -+ end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
> - if (start->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
> - if (end == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - if (start == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = NULL;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
> - return(ret);
> - }
> -
> -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - */
> - xmlXPathObjectPtr
> - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> -+ xmlNodePtr endNode;
> -+ int endIndex;
> - xmlXPathObjectPtr ret;
> -
> - if (start == NULL)
> -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> - return(NULL);
> - switch (end->type) {
> - case XPATH_POINT:
> -+ endNode = end->user;
> -+ endIndex = end->index;
> -+ break;
> - case XPATH_RANGE:
> -+ endNode = end->user2;
> -+ endIndex = end->index2;
> - break;
> - case XPATH_NODESET:
> - /*
> -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> - */
> - if (end->nodesetval->nodeNr <= 0)
> - return(NULL);
> -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
> -+ endIndex = -1;
> - break;
> - default:
> - /* TODO */
> - return(NULL);
> - }
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- switch (end->type) {
> -- case XPATH_POINT:
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -- break;
> -- case XPATH_RANGE:
> -- ret->user2 = end->user2;
> -- ret->index2 = end->index2;
> -- break;
> -- case XPATH_NODESET: {
> -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
> -- ret->index2 = -1;
> -- break;
> -- }
> -- default:
> -- STRANGE
> -- return(NULL);
> -- }
> -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> -@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user2;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> deleted file mode 100644
> index 9d47d02..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> +++ /dev/null
> @@ -1,180 +0,0 @@
> -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
> -From: Nick Wellnhofer <wellnhofer@aevum.de>
> -Date: Tue, 28 Jun 2016 14:22:23 +0200
> -Subject: [PATCH] Fix XPointer paths beginning with range-to
> -
> -The old code would invoke the broken xmlXPtrRangeToFunction. range-to
> -isn't really a function but a special kind of location step. Remove
> -this function and always handle range-to in the XPath code.
> -
> -The old xmlXPtrRangeToFunction could also be abused to trigger a
> -use-after-free error with the potential for remote code execution.
> -
> -Found with afl-fuzz.
> -
> -Fixes CVE-2016-5131.
> -
> -CVE: CVE-2016-5131
> -Upstream-Status: Backport
> -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
> -
> -Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
> ----
> - result/XPath/xptr/vidbase | 13 ++++++++
> - test/XPath/xptr/vidbase | 1 +
> - xpath.c | 7 ++++-
> - xpointer.c | 76 ++++-------------------------------------------
> - 4 files changed, 26 insertions(+), 71 deletions(-)
> -
> -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
> -index 8b9e92d..f19193e 100644
> ---- a/result/XPath/xptr/vidbase
> -+++ b/result/XPath/xptr/vidbase
> -@@ -17,3 +17,16 @@ Object is a Location Set:
> - To node
> - ELEMENT p
> -
> -+
> -+========================
> -+Expression: xpointer(range-to(id('chapter2')))
> -+Object is a Location Set:
> -+1 : Object is a range :
> -+ From node
> -+ /
> -+ To node
> -+ ELEMENT chapter
> -+ ATTRIBUTE id
> -+ TEXT
> -+ content=chapter2
> -+
> -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
> -index b146383..884b106 100644
> ---- a/test/XPath/xptr/vidbase
> -+++ b/test/XPath/xptr/vidbase
> -@@ -1,2 +1,3 @@
> - xpointer(id('chapter1')/p)
> - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
> -+xpointer(range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index d992841..5a01b1b 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
> - lc = 1;
> - break;
> - } else if ((NXT(len) == '(')) {
> -- /* Note Type or Function */
> -+ /* Node Type or Function */
> - if (xmlXPathIsNodeType(name)) {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> - "PathExpr: Type search\n");
> - #endif
> - lc = 1;
> -+#ifdef LIBXML_XPTR_ENABLED
> -+ } else if (ctxt->xptr &&
> -+ xmlStrEqual(name, BAD_CAST "range-to")) {
> -+ lc = 1;
> -+#endif
> - } else {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..d74174a 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
> - ret->here = here;
> - ret->origin = origin;
> -
> -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
> -- xmlXPtrRangeToFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range",
> - xmlXPtrRangeFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
> -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - * @nargs: the number of args
> - *
> - * Implement the range-to() XPointer function
> -+ *
> -+ * Obsolete. range-to is not a real function but a special type of location
> -+ * step which is handled in xpath.c.
> - */
> - void
> --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> -- xmlXPathObjectPtr range;
> -- const xmlChar *cur;
> -- xmlXPathObjectPtr res, obj;
> -- xmlXPathObjectPtr tmp;
> -- xmlLocationSetPtr newset = NULL;
> -- xmlNodeSetPtr oldset;
> -- int i;
> --
> -- if (ctxt == NULL) return;
> -- CHECK_ARITY(1);
> -- /*
> -- * Save the expression pointer since we will have to evaluate
> -- * it multiple times. Initialize the new set.
> -- */
> -- CHECK_TYPE(XPATH_NODESET);
> -- obj = valuePop(ctxt);
> -- oldset = obj->nodesetval;
> -- ctxt->context->node = NULL;
> --
> -- cur = ctxt->cur;
> -- newset = xmlXPtrLocationSetCreate(NULL);
> --
> -- for (i = 0; i < oldset->nodeNr; i++) {
> -- ctxt->cur = cur;
> --
> -- /*
> -- * Run the evaluation with a node list made of a single item
> -- * in the nodeset.
> -- */
> -- ctxt->context->node = oldset->nodeTab[i];
> -- tmp = xmlXPathNewNodeSet(ctxt->context->node);
> -- valuePush(ctxt, tmp);
> --
> -- xmlXPathEvalExpr(ctxt);
> -- CHECK_ERROR;
> --
> -- /*
> -- * The result of the evaluation need to be tested to
> -- * decided whether the filter succeeded or not
> -- */
> -- res = valuePop(ctxt);
> -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
> -- if (range != NULL) {
> -- xmlXPtrLocationSetAdd(newset, range);
> -- }
> --
> -- /*
> -- * Cleanup
> -- */
> -- if (res != NULL)
> -- xmlXPathFreeObject(res);
> -- if (ctxt->value == tmp) {
> -- res = valuePop(ctxt);
> -- xmlXPathFreeObject(res);
> -- }
> --
> -- ctxt->context->node = NULL;
> -- }
> --
> -- /*
> -- * The result is used as the new evaluation set.
> -- */
> -- xmlXPathFreeObject(obj);
> -- ctxt->context->node = NULL;
> -- ctxt->context->contextSize = -1;
> -- ctxt->context->proximityPosition = -1;
> -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
> -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
> -+ int nargs ATTRIBUTE_UNUSED) {
> -+ XP_ERROR(XPATH_EXPR_ERROR);
> - }
> -
> - /**
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> deleted file mode 100644
> index 0108265..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -libxml2: Fix CVE-2017-0663
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
> -
> -valid: Fix type confusion in xmlValidateOneNamespace
> -
> -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
> -on namespace declarations make no practical sense anyway.
> -
> -Fixes bug 780228
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
> -CVE: CVE-2017-0663
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..e03d35e 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
> - }
> - }
> -
> -+ /*
> -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
> -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
> -+ * no practical sense to use ID types anyway.
> -+ */
> -+#if 0
> - /* Validity Constraint: ID uniqueness */
> - if (attrDecl->atype == XML_ATTRIBUTE_ID) {
> - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> -@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
> - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> - ret = 0;
> - }
> -+#endif
> -
> - /* Validity Constraint: Notation Attributes */
> - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> deleted file mode 100644
> index 571b05c..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> +++ /dev/null
> @@ -1,62 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-5969
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
> -
> -valid: Fix NULL pointer deref in xmlDumpElementContent
> -
> -Can only be triggered in recovery mode.
> -
> -Fixes bug 758422
> -
> -Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
> -CVE: CVE-2017-5969
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..0a8e58a 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
> - xmlBufferWriteCHAR(buf, content->name);
> - break;
> - case XML_ELEMENT_CONTENT_SEQ:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " , ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> - break;
> - case XML_ELEMENT_CONTENT_OR:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " | ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> deleted file mode 100644
> index 26779aa..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia <hongxu.jia@windriver.com>
> -Date: Wed, 23 Aug 2017 16:04:49 +0800
> -Subject: [PATCH] fix CVE-2017-8872
> -
> -this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
> -il too here.
> -
> -this seems to cure this specific issue, and also passes the testsuite
> -
> -Signed-off-by: Marcus Meissner <meissner@suse.de>
> -
> -https://bugzilla.gnome.org/show_bug.cgi?id=775200
> -Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
> -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ----
> - parser.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/parser.c b/parser.c
> -index 9506ead..6c07ffd 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
> - }
> - ctxt->input->cur = BAD_CAST"";
> - ctxt->input->base = ctxt->input->cur;
> -+ if (ctxt->input->buf) {
> -+ xmlBufEmpty (ctxt->input->buf->buffer);
> -+ } else
> -+ ctxt->input->length = 0;
> - }
> - }
> -
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> deleted file mode 100644
> index 8b03456..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> +++ /dev/null
> @@ -1,103 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
> -
> -valid: Fix buffer size checks in xmlSnprintfElementContent
> -
> -xmlSnprintfElementContent failed to correctly check the available
> -buffer space in two locations.
> -
> -Fixes bug 781333 and bug 781701
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
> -CVE: CVE-2017-9047 CVE-2017-9048
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/result/valid/781333.xml b/result/valid/781333.xml
> -new file mode 100644
> -index 0000000..01baf11
> ---- /dev/null
> -+++ b/result/valid/781333.xml
> -@@ -0,0 +1,5 @@
> -+<?xml version="1.0"?>
> -+<!DOCTYPE a [
> -+<!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
> -new file mode 100644
> -index 0000000..2176200
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err
> -@@ -0,0 +1,3 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
> -new file mode 100644
> -index 0000000..1195a04
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err.rdr
> -@@ -0,0 +1,6 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
> -+
> -+^
> -diff --git a/test/valid/781333.xml b/test/valid/781333.xml
> -new file mode 100644
> -index 0000000..bceac9c
> ---- /dev/null
> -+++ b/test/valid/781333.xml
> -@@ -0,0 +1,4 @@
> -+<!DOCTYPE a [
> -+ <!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..aaa30f6 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
> - case XML_ELEMENT_CONTENT_PCDATA:
> - strcat(buf, "#PCDATA");
> - break;
> -- case XML_ELEMENT_CONTENT_ELEMENT:
> -+ case XML_ELEMENT_CONTENT_ELEMENT: {
> -+ int qnameLen = xmlStrlen(content->name);
> -+
> -+ if (content->prefix != NULL)
> -+ qnameLen += xmlStrlen(content->prefix) + 1;
> -+ if (size - len < qnameLen + 10) {
> -+ strcat(buf, " ...");
> -+ return;
> -+ }
> - if (content->prefix != NULL) {
> -- if (size - len < xmlStrlen(content->prefix) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - strcat(buf, (char *) content->prefix);
> - strcat(buf, ":");
> - }
> -- if (size - len < xmlStrlen(content->name) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - if (content->name != NULL)
> - strcat(buf, (char *) content->name);
> - break;
> -+ }
> - case XML_ELEMENT_CONTENT_SEQ:
> - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> - (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
> - xmlSnprintfElementContent(buf, size, content->c2, 0);
> - break;
> - }
> -+ if (size - strlen(buf) <= 2) return;
> - if (englob)
> - strcat(buf, ")");
> - switch (content->ocur) {
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> deleted file mode 100644
> index 591075d..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> +++ /dev/null
> @@ -1,291 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
> -
> -parser: Fix handling of parameter-entity references
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -Percent sign in DTD Names
> -=========================
> -
> -The NEXTL macro used to call xmlParserHandlePEReference. When parsing
> -"complex" names inside the DTD, this could result in entity expansion
> -which created a new input buffer. The fix is to simply remove the call
> -to xmlParserHandlePEReference from the NEXTL macro. This is safe because
> -no users of the macro require expansion of parameter entities.
> -
> -- xmlParseNameComplex
> -- xmlParseNCNameComplex
> -- xmlParseNmtoken
> -
> -The percent sign is not allowed in names, which are grammatical tokens.
> -
> -- xmlParseEntityValue
> -
> -Parameter-entity references in entity values are expanded but this
> -happens in a separate step in this function.
> -
> -- xmlParseSystemLiteral
> -
> -Parameter-entity references are ignored in the system literal.
> -
> -- xmlParseAttValueComplex
> -- xmlParseCharDataComplex
> -- xmlParseCommentComplex
> -- xmlParsePI
> -- xmlParseCDSect
> -
> -Parameter-entity references are ignored outside the DTD.
> -
> -- xmlLoadEntityContent
> -
> -This function is only called from xmlStringLenDecodeEntities and
> -entities are replaced in a separate step immediately after the function
> -call.
> -
> -This bug could also be triggered with an internal subset and double
> -entity expansion.
> -
> -This fixes bug 766956 initially reported by Wei Lei and independently by
> -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
> -involved.
> -
> -xmlParseNameComplex with XML_PARSE_OLD10
> -========================================
> -
> -When parsing Names inside an expanded parameter entity with the
> -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
> -GROW macro if the input buffer was exhausted. At the end of the
> -parameter entity's replacement text, this function would then call
> -xmlPopInput which invalidated the input buffer.
> -
> -There should be no need to invoke GROW in this situation because the
> -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
> -at least for UTF-8, in xmlCurrentChar. This also matches the code path
> -executed when XML_PARSE_OLD10 is not set.
> -
> -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
> -Thanks to Marcel Böhme and Thuan Pham for the report.
> -
> -Additional hardening
> -====================
> -
> -A separate check was added in xmlParseNameComplex to validate the
> -buffer size.
> -
> -Fixes bug 781205 and bug 781361
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
> -CVE: CVE-2017-9049 CVE-2017-9050
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/Makefile.am b/Makefile.am
> -index 9f988b0..dab15a4 100644
> ---- a/Makefile.am
> -+++ b/Makefile.am
> -@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
> - if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
> - rm result.$$name error.$$name ; \
> - fi ; fi ; done)
> -+ @echo "## Error cases regression tests (old 1.0)"
> -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
> -+ name=`basename $$i`; \
> -+ if [ ! -d $$i ] ; then \
> -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
> -+ echo New test file $$name ; \
> -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
> -+ 2> $(srcdir)/result/errors10/$$name.err \
> -+ > $(srcdir)/result/errors10/$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
> -+ else \
> -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
> -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
> -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
> -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
> -+ rm result.$$name error.$$name ; \
> -+ fi ; fi ; done)
> - @echo "## Error cases stream regression tests"
> - -@(for i in $(srcdir)/test/errors/*.xml ; do \
> - name=`basename $$i`; \
> -diff --git a/parser.c b/parser.c
> -index 609a270..8e11c12 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
> - ctxt->input->line++; ctxt->input->col = 1; \
> - } else ctxt->input->col++; \
> - ctxt->input->cur += l; \
> -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
> - } while (0)
> -
> - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
> -@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - len += l;
> - NEXTL(l);
> - c = CUR_CHAR(l);
> -- if (c == 0) {
> -- count = 0;
> -- GROW;
> -- if (ctxt->instate == XML_PARSER_EOF)
> -- return(NULL);
> -- c = CUR_CHAR(l);
> -- }
> - }
> - }
> - if ((len > XML_MAX_NAME_LENGTH) &&
> -@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
> - return(NULL);
> - }
> -+ if (ctxt->input->cur - ctxt->input->base < len) {
> -+ /*
> -+ * There were a couple of bugs where PERefs lead to to a change
> -+ * of the buffer. Check the buffer size to avoid passing an invalid
> -+ * pointer to xmlDictLookup.
> -+ */
> -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
> -+ "unexpected change of input buffer");
> -+ return (NULL);
> -+ }
> - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
> -new file mode 100644
> -index 0000000..da15c3f
> ---- /dev/null
> -+++ b/result/errors10/781205.xml.err
> -@@ -0,0 +1,21 @@
> -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
> -+
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+Entity: line 1: parser error : DOCTYPE improperly terminated
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+namespace error : Failed to parse QName ':0000'
> -+ %a;
> -+ ^
> -+<:0000
> -+ ^
> -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
> -+
> -+^
> -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
> -new file mode 100644
> -index 0000000..655f41a
> ---- /dev/null
> -+++ b/result/errors10/781361.xml.err
> -@@ -0,0 +1,13 @@
> -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
> -+
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
> -+
> -+^
> -diff --git a/result/valid/766956.xml b/result/valid/766956.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
> -new file mode 100644
> -index 0000000..34b1dae
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err
> -@@ -0,0 +1,9 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
> -new file mode 100644
> -index 0000000..7760346
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err.rdr
> -@@ -0,0 +1,10 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -+./test/valid/766956.xml : failed to parse
> -diff --git a/runtest.c b/runtest.c
> -index bb74d2a..63e8c20 100644
> ---- a/runtest.c
> -+++ b/runtest.c
> -@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
> - { "Error cases regression tests",
> - errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
> - 0 },
> -+ { "Error cases regression tests (old 1.0)",
> -+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
> -+ XML_PARSE_OLD10 },
> - #ifdef LIBXML_READER_ENABLED
> - { "Error cases stream regression tests",
> - streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
> -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
> -new file mode 100644
> -index 0000000..d9e9e83
> ---- /dev/null
> -+++ b/test/errors10/781205.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE D [
> -+ <!ENTITY % a "<:0000">
> -+ %a;
> -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
> -new file mode 100644
> -index 0000000..67476bc
> ---- /dev/null
> -+++ b/test/errors10/781361.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE doc [
> -+ <!ENTITY % elem "<!ELEMENT e0000000000">
> -+ %elem;
> -diff --git a/test/valid/766956.xml b/test/valid/766956.xml
> -new file mode 100644
> -index 0000000..19a95a0
> ---- /dev/null
> -+++ b/test/valid/766956.xml
> -@@ -0,0 +1,2 @@
> -+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
> -+<test/>
> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
> -new file mode 100644
> -index 0000000..dddde68
> ---- /dev/null
> -+++ b/test/valid/dtds/766956.dtd
> -@@ -0,0 +1,2 @@
> -+<!ENTITY % ent "value">
> -+%ä%ent;
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> deleted file mode 100644
> index c60e32f..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> +++ /dev/null
> @@ -1,45 +0,0 @@
> -libxml2-2.9.4: Fix more NULL pointer derefs
> -
> -xpointer: Fix more NULL pointer derefs
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..074db24 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> - /*
> - * Empty set ...
> - */
> -- if (end->nodesetval->nodeNr <= 0)
> -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
> - return(NULL);
> - break;
> - default:
> -@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
> - */
> - xmlNodeSetPtr set;
> - set = tmp->nodesetval;
> -- if ((set->nodeNr != 1) ||
> -+ if ((set == NULL) || (set->nodeNr != 1) ||
> - (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
> - stack++;
> - } else
> -@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - xmlXPathFreeObject(set);
> - XP_ERROR(XPATH_MEMORY_ERROR);
> - }
> -- for (i = 0;i < oldset->locNr;i++) {
> -- xmlXPtrLocationSetAdd(newset,
> -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ if (oldset != NULL) {
> -+ for (i = 0;i < oldset->locNr;i++) {
> -+ xmlXPtrLocationSetAdd(newset,
> -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ }
> - }
> -
> - /*
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> deleted file mode 100644
> index faa5770..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> +++ /dev/null
> @@ -1,590 +0,0 @@
> -libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
> -
> -[No upstream tracking]
> -
> -parser: Avoid reparsing in xmlParseStartTag2
> -
> -The code in xmlParseStartTag2 must handle the case that the input
> -buffer was grown and reallocated which can invalidate pointers to
> -attribute values. Before, this was handled by detecting changes of
> -the input buffer "base" pointer and, in case of a change, jumping
> -back to the beginning of the function and reparsing the start tag.
> -
> -The major problem of this approach is that whether an input buffer is
> -reallocated is nondeterministic, resulting in seemingly random test
> -failures. See the mailing list thread "runtest mystery bug: name2.xml
> -error case regression test" from 2012, for example.
> -
> -If a reallocation was detected, the code also made no attempts to
> -continue parsing in case of errors which makes a difference in
> -the lax "recover" mode.
> -
> -Now we store the current input buffer "base" pointer for each (not
> -separately allocated) attribute in the namespace URI field, which isn't
> -used until later. After the whole start tag was parsed, the pointers to
> -the attribute values are reconstructed using the offset between the
> -new and the old input buffer. This relies on arithmetic on dangling
> -pointers which is technically undefined behavior. But it seems like
> -the easiest and most efficient fix and a similar approach is used in
> -xmlParserInputGrow.
> -
> -This changes the error output of several tests, typically making it
> -more verbose because we try harder to continue parsing in case of errors.
> -
> -(Another possible solution is to check not only the "base" pointer
> -but the size of the input buffer as well. But this would result in
> -even more reparsing.)
> -
> -Remove some goto labels and deduplicate a bit of code after handling
> -namespaces.
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/parser.c b/parser.c
> -index 609a270..74016e3 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -43,6 +43,7 @@
> - #include <limits.h>
> - #include <string.h>
> - #include <stdarg.h>
> -+#include <stddef.h>
> - #include <libxml/xmlmemory.h>
> - #include <libxml/threads.h>
> - #include <libxml/globals.h>
> -@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
> - const xmlChar **atts = ctxt->atts;
> - int maxatts = ctxt->maxatts;
> - int nratts, nbatts, nbdef;
> -- int i, j, nbNs, attval, oldline, oldcol, inputNr;
> -- const xmlChar *base;
> -+ int i, j, nbNs, attval;
> - unsigned long cur;
> - int nsNr = ctxt->nsNr;
> -
> -@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
> - * The Shrinking is only possible once the full set of attribute
> - * callbacks have been done.
> - */
> --reparse:
> - SHRINK;
> -- base = ctxt->input->base;
> - cur = ctxt->input->cur - ctxt->input->base;
> -- inputNr = ctxt->inputNr;
> -- oldline = ctxt->input->line;
> -- oldcol = ctxt->input->col;
> - nbatts = 0;
> - nratts = 0;
> - nbdef = 0;
> -@@ -9422,8 +9417,6 @@ reparse:
> - */
> - SKIP_BLANKS;
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -
> - while (((RAW != '>') &&
> - ((RAW != '/') || (NXT(1) != '>')) &&
> -@@ -9434,203 +9427,174 @@ reparse:
> -
> - attname = xmlParseAttribute2(ctxt, prefix, localname,
> - &aprefix, &attvalue, &len, &alloc);
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- goto base_changed;
> -- }
> -- if ((attname != NULL) && (attvalue != NULL)) {
> -- if (len < 0) len = xmlStrlen(attvalue);
> -- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -- xmlURIPtr uri;
> --
> -- if (URL == NULL) {
> -- xmlErrMemory(ctxt, "dictionary allocation failure");
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- return(NULL);
> -- }
> -- if (*URL != 0) {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns: '%s' is not a valid URI\n",
> -- URL, NULL, NULL);
> -- } else {
> -- if (uri->scheme == NULL) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns: URI %s is not absolute\n",
> -- URL, NULL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI cannot be the default namespace\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_default_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_default_ns;
> -- }
> -- }
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, NULL, attname);
> -- else
> -- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> --skip_default_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -- if (aprefix == ctxt->str_xmlns) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -- xmlURIPtr uri;
> --
> -- if (attname == ctxt->str_xml) {
> -- if (URL != ctxt->str_xml_ns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace prefix mapped to wrong URI\n",
> -- NULL, NULL, NULL);
> -- }
> -- /*
> -- * Do not keep a namespace definition node
> -- */
> -- goto skip_ns;
> -- }
> -+ if ((attname == NULL) || (attvalue == NULL))
> -+ goto next_attr;
> -+ if (len < 0) len = xmlStrlen(attvalue);
> -+
> -+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -+ xmlURIPtr uri;
> -+
> -+ if (URL == NULL) {
> -+ xmlErrMemory(ctxt, "dictionary allocation failure");
> -+ if ((attvalue != NULL) && (alloc != 0))
> -+ xmlFree(attvalue);
> -+ return(NULL);
> -+ }
> -+ if (*URL != 0) {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns: '%s' is not a valid URI\n",
> -+ URL, NULL, NULL);
> -+ } else {
> -+ if (uri->scheme == NULL) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns: URI %s is not absolute\n",
> -+ URL, NULL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> - if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI mapped to wrong prefix\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_ns;
> -- }
> -- if (attname == ctxt->str_xmlns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "redefinition of the xmlns prefix is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((URL == NULL) || (URL[0] == 0)) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xmlns:%s: Empty XML namespace is not allowed\n",
> -- attname, NULL, NULL);
> -- goto skip_ns;
> -- } else {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns:%s: '%s' is not a valid URI\n",
> -- attname, URL, NULL);
> -- } else {
> -- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns:%s: URI %s is not absolute\n",
> -- attname, URL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- }
> --
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, aprefix, attname);
> -- else
> -- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> --skip_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI cannot be the default namespace\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, NULL, attname);
> -+ else
> -+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> -+
> -+ } else if (aprefix == ctxt->str_xmlns) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -+ xmlURIPtr uri;
> -+
> -+ if (attname == ctxt->str_xml) {
> -+ if (URL != ctxt->str_xml_ns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace prefix mapped to wrong URI\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ /*
> -+ * Do not keep a namespace definition node
> -+ */
> -+ goto next_attr;
> -+ }
> -+ if (URL == ctxt->str_xml_ns) {
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI mapped to wrong prefix\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if (attname == ctxt->str_xmlns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "redefinition of the xmlns prefix is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((URL == NULL) || (URL[0] == 0)) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xmlns:%s: Empty XML namespace is not allowed\n",
> -+ attname, NULL, NULL);
> -+ goto next_attr;
> -+ } else {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns:%s: '%s' is not a valid URI\n",
> -+ attname, URL, NULL);
> -+ } else {
> -+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns:%s: URI %s is not absolute\n",
> -+ attname, URL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> -+ }
> -
> -- /*
> -- * Add the pair to atts
> -- */
> -- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -- if (attvalue[len] == 0)
> -- xmlFree(attvalue);
> -- goto failed;
> -- }
> -- maxatts = ctxt->maxatts;
> -- atts = ctxt->atts;
> -- }
> -- ctxt->attallocs[nratts++] = alloc;
> -- atts[nbatts++] = attname;
> -- atts[nbatts++] = aprefix;
> -- atts[nbatts++] = NULL; /* the URI will be fetched later */
> -- atts[nbatts++] = attvalue;
> -- attvalue += len;
> -- atts[nbatts++] = attvalue;
> -- /*
> -- * tag if some deallocation is needed
> -- */
> -- if (alloc != 0) attval = 1;
> -- } else {
> -- if ((attvalue != NULL) && (attvalue[len] == 0))
> -- xmlFree(attvalue);
> -- }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, aprefix, attname);
> -+ else
> -+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> -+
> -+ } else {
> -+ /*
> -+ * Add the pair to atts
> -+ */
> -+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -+ goto next_attr;
> -+ }
> -+ maxatts = ctxt->maxatts;
> -+ atts = ctxt->atts;
> -+ }
> -+ ctxt->attallocs[nratts++] = alloc;
> -+ atts[nbatts++] = attname;
> -+ atts[nbatts++] = aprefix;
> -+ /*
> -+ * The namespace URI field is used temporarily to point at the
> -+ * base of the current input buffer for non-alloced attributes.
> -+ * When the input buffer is reallocated, all the pointers become
> -+ * invalid, but they can be reconstructed later.
> -+ */
> -+ if (alloc)
> -+ atts[nbatts++] = NULL;
> -+ else
> -+ atts[nbatts++] = ctxt->input->base;
> -+ atts[nbatts++] = attvalue;
> -+ attvalue += len;
> -+ atts[nbatts++] = attvalue;
> -+ /*
> -+ * tag if some deallocation is needed
> -+ */
> -+ if (alloc != 0) attval = 1;
> -+ attvalue = NULL; /* moved into atts */
> -+ }
> -
> --failed:
> -+next_attr:
> -+ if ((attvalue != NULL) && (alloc != 0)) {
> -+ xmlFree(attvalue);
> -+ attvalue = NULL;
> -+ }
> -
> - GROW
> - if (ctxt->instate == XML_PARSER_EOF)
> - break;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> - if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> - break;
> - if (!IS_BLANK_CH(RAW)) {
> -@@ -9646,8 +9610,20 @@ failed:
> - break;
> - }
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -+ }
> -+
> -+ /* Reconstruct attribute value pointers. */
> -+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
> -+ if (atts[i+2] != NULL) {
> -+ /*
> -+ * Arithmetic on dangling pointers is technically undefined
> -+ * behavior, but well...
> -+ */
> -+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
> -+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
> -+ atts[i+3] += offset; /* value */
> -+ atts[i+4] += offset; /* valuend */
> -+ }
> - }
> -
> - /*
> -@@ -9804,34 +9780,6 @@ failed:
> - }
> -
> - return(localname);
> --
> --base_changed:
> -- /*
> -- * the attribute strings are valid iif the base didn't changed
> -- */
> -- if (attval != 0) {
> -- for (i = 3,j = 0; j < nratts;i += 5,j++)
> -- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
> -- xmlFree((xmlChar *) atts[i]);
> -- }
> --
> -- /*
> -- * We can't switch from one entity to another in the middle
> -- * of a start tag
> -- */
> -- if (inputNr != ctxt->inputNr) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
> -- "Start tag doesn't start and stop in the same entity\n");
> -- return(NULL);
> -- }
> --
> -- ctxt->input->cur = ctxt->input->base + cur;
> -- ctxt->input->line = oldline;
> -- ctxt->input->col = oldcol;
> -- if (ctxt->wellFormed == 1) {
> -- goto reparse;
> -- }
> -- return(NULL);
> - }
> -
> - /**
> -diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
> -index e08d9bf..f6036a3 100644
> ---- a/result/errors/759398.xml.err
> -+++ b/result/errors/759398.xml.err
> -@@ -1,9 +1,12 @@
> - ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
> - need to worry about parsers whi<! don't expand PErefs finding
> - ^
> --./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
> -+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№�
> ��№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№�
> �№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m line 308 and termdef
> - and provide access to their content and structure.</termdef> <termdef
> - ^
> --./test/errors/759398.xml:309: parser error : Extra content at the end of the document
> --and provide access to their content and structure.</termdef> <termdef
> -- ^
> -+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
> -+data and the information it must provide to the application.</p>
> -+ ^
> -+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
> -+<div2 id='sec-origin-goals'>
> -+^
> -diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
> -index 4f08538..c4c4fc8 100644
> ---- a/result/errors/attr1.xml.err
> -+++ b/result/errors/attr1.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
> --<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/attr1.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
> -+
> -+^
> -diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
> -index c8a9c7d..77e342e 100644
> ---- a/result/errors/attr2.xml.err
> -+++ b/result/errors/attr2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
> --<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/attr2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
> -+
> -+^
> -diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
> -index a6649a1..8a6acee 100644
> ---- a/result/errors/name2.xml.err
> -+++ b/result/errors/name2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute fooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -
> - ^
> --./test/errors/name2.xml:1: parser error : Extra content at the end of the document
> --<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/name2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
> -+
> -+^
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> deleted file mode 100644
> index 65f6bef..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> +++ /dev/null
> @@ -1,67 +0,0 @@
> -libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
> -
> -xpath:
> - - Check for errors after evaluating first operand.
> - - Add sanity check for empty stack.
> - - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
> -CVE: CVE-2016-5131
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..d589882
> ---- /dev/null
> -+++ b/result/XPath/xptr/viderror
> -@@ -0,0 +1,4 @@
> -+
> -+========================
> -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
> -+Object is empty (NULL)
> -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..da8c53b
> ---- /dev/null
> -+++ b/test/XPath/xptr/viderror
> -@@ -0,0 +1 @@
> -+xpointer(non-existing-fn()/range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index 113bce6..d992841 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
> - * compute depth to root
> - */
> - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node1)
> -+ if (cur->parent == node1)
> - return(1);
> - depth2++;
> - }
> - root = cur;
> - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node2)
> -+ if (cur->parent == node2)
> - return(-1);
> - depth1++;
> - }
> -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
> - xmlNodeSetPtr oldset;
> - int i, j;
> -
> -- if (op->ch1 != -1)
> -+ if (op->ch1 != -1) {
> - total +=
> - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
> -+ CHECK_ERROR0;
> -+ }
> -+ if (ctxt->value == NULL) {
> -+ XP_ERROR0(XPATH_INVALID_OPERAND);
> -+ }
> - if (op->ch2 == -1)
> - return (total);
> -
> diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
> index 6e56857..cb171d5 100644
> --- a/meta/recipes-core/libxml/libxml2/runtest.patch
> +++ b/meta/recipes-core/libxml/libxml2/runtest.patch
> @@ -2,47 +2,29 @@ Add 'install-ptest' rule.
> Print a standard result line for each test.
>
> Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
> -Signed-off-by: Andrej Valek <andrej.valek@enea.com>
> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> Upstream-Status: Backport
>
> diff -uNr a/Makefile.am b/Makefile.am
> ---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
> -+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
> -@@ -202,10 +202,24 @@
> +--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
> ++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
> +@@ -202,6 +202,15 @@
> #testOOM_DEPENDENCIES = $(DEPS)
> #testOOM_LDADD= $(LDADDS)
>
> +install-ptest:
> + @(if [ -d .libs ] ; then cd .libs; fi; \
> -+ install $(noinst_PROGRAMS) $(DESTDIR))
> ++ install $(check_PROGRAMS) $(DESTDIR))
> + cp -r $(srcdir)/test $(DESTDIR)
> + cp -r $(srcdir)/result $(DESTDIR)
> + cp -r $(srcdir)/python $(DESTDIR)
> + cp Makefile $(DESTDIR)
> + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
> +
> - runtests:
> + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
> + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
> [ -d test ] || $(LN_S) $(srcdir)/test .
> - [ -d result ] || $(LN_S) $(srcdir)/result .
> -- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
> -+ $(CHECKER) ./runtest$(EXEEXT) && \
> -+ $(CHECKER) ./testrecurse$(EXEEXT) && \
> -+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
> -+ $(CHECKER) ./testchar$(EXEEXT) && \
> -+ $(CHECKER) ./testdict$(EXEEXT) && \
> -+ $(CHECKER) ./runxmlconf$(EXEEXT)
> - @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
> - $(MAKE) tests ; fi)
> -
> -@@ -229,7 +243,7 @@
> -
> - APItests: testapi$(EXEEXT)
> - @echo "## Running the API regression tests this may take a little while"
> -- -@($(CHECKER) $(top_builddir)/testapi -q)
> -+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
> -
> - HTMLtests : testHTML$(EXEEXT)
> - @(echo > .memdump)
> +
> diff -uNr a/runsuite.c b/runsuite.c
> --- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
> +++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
> diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.6.bb
> similarity index 85%
> rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
> rename to meta/recipes-core/libxml/libxml2_2.9.6.bb
> index 107539b..fd4e85a 100644
> --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.9.6.bb
> @@ -19,21 +19,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
> file://run-ptest \
> file://python-sitepackages-dir.patch \
> file://libxml-m4-use-pkgconfig.patch \
> - file://libxml2-fix_node_comparison.patch \
> - file://libxml2-CVE-2016-5131.patch \
> - file://libxml2-CVE-2016-4658.patch \
> - file://libxml2-fix_NULL_pointer_derefs.patch \
> - file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
> - file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
> - file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
> - file://libxml2-CVE-2017-5969.patch \
> - file://libxml2-CVE-2017-0663.patch \
> - file://libxml2-CVE-2017-8872.patch \
> file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
> "
>
> -SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
> -SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
> +SRC_URI[libtar.md5sum] = "dbae8327d8471941bf0472e273473e36"
> +SRC_URI[libtar.sha256sum] = "8b9038cca7240e881d462ea391882092dfdc6d4f483f72683e817be08df5ebbc"
> SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
> SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
>
> @@ -81,6 +71,10 @@ do_configure_prepend () {
> find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
> }
>
> +do_compile_ptest() {
> + oe_runmake check-am
> +}
> +
> do_install_ptest () {
> cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
> if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v6] libxml2: 2.9.4 -> 2.9.7
2017-11-03 7:12 ` [PATCH v6] libxml2: 2.9.4 -> 2.9.7 Andrej Valek
@ 2017-11-06 7:37 ` Andrej Valek
0 siblings, 0 replies; 24+ messages in thread
From: Andrej Valek @ 2017-11-06 7:37 UTC (permalink / raw)
To: openembedded-core
This patch is obsolete, due to merged upgrade to version 2.9.5 .
I have sent the new one, which upgrades version to 2.9.7
http://lists.openembedded.org/pipermail/openembedded-core/2017-November/143973.html
Andrej
On 11/03/2017 08:12 AM, Andrej Valek wrote:
> - remove backported patches (CVE-* and fix-*)
> - adapt changes from 2.9.5+ version into ptest patch
>
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> ---
> .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +-
> .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
> .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
> .../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
> .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
> .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
> .../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
> .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
> .../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
> ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
> .../libxml2/libxml2-fix_node_comparison.patch | 67 ---
> meta/recipes-core/libxml/libxml2/runtest.patch | 34 +-
> .../libxml/{libxml2_2.9.4.bb => libxml2_2.9.7.bb} | 18 +-
> 13 files changed, 15 insertions(+), 1723 deletions(-)
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.7.bb} (86%)
>
> diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> index 3277165..d9ed151 100644
> --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
> @@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
> - echo "*** If you have an old version installed, it is best to remove it, although"
> - echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
> - [ echo "*** The test program failed to compile or link. See the file config.log for the"
> -- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
> +- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
> - echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
> - echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
> - CPPFLAGS="$ac_save_CPPFLAGS"
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> deleted file mode 100644
> index bb55eed..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
> +++ /dev/null
> @@ -1,269 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2016-4658
> -
> -[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
> -
> -xpointer: Disallow namespace nodes in XPointer points and ranges
> -
> -Namespace nodes must be copied to avoid use-after-free errors.
> -But they don't necessarily have a physical representation in a
> -document, so simply disallow them in XPointer ranges.
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
> -CVE: CVE-2016-4658
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..911680d 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
> - }
> -
> - /**
> -+ * xmlXPtrNewRangeInternal:
> -+ * @start: the starting node
> -+ * @startindex: the start index
> -+ * @end: the ending point
> -+ * @endindex: the ending index
> -+ *
> -+ * Internal function to create a new xmlXPathObjectPtr of type range
> -+ *
> -+ * Returns the newly created object.
> -+ */
> -+static xmlXPathObjectPtr
> -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
> -+ xmlNodePtr end, int endindex) {
> -+ xmlXPathObjectPtr ret;
> -+
> -+ /*
> -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
> -+ * Disallow them for now.
> -+ */
> -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
> -+ return(NULL);
> -+
> -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -+ if (ret == NULL) {
> -+ xmlXPtrErrMemory("allocating range");
> -+ return(NULL);
> -+ }
> -+ memset(ret, 0, sizeof(xmlXPathObject));
> -+ ret->type = XPATH_RANGE;
> -+ ret->user = start;
> -+ ret->index = startindex;
> -+ ret->user2 = end;
> -+ ret->index2 = endindex;
> -+ return(ret);
> -+}
> -+
> -+/**
> - * xmlXPtrNewRange:
> - * @start: the starting node
> - * @startindex: the start index
> -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
> - if (endindex < 0)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = startindex;
> -- ret->user2 = end;
> -- ret->index2 = endindex;
> -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
> -+ end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
> - if (start->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start->user;
> -- ret->index = start->index;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
> - if (end->type != XPATH_POINT)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
> - if (end == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = end;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - if (start == NULL)
> - return(NULL);
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- ret->user2 = NULL;
> -- ret->index2 = -1;
> -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
> - return(ret);
> - }
> -
> -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
> - */
> - xmlXPathObjectPtr
> - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> -+ xmlNodePtr endNode;
> -+ int endIndex;
> - xmlXPathObjectPtr ret;
> -
> - if (start == NULL)
> -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> - return(NULL);
> - switch (end->type) {
> - case XPATH_POINT:
> -+ endNode = end->user;
> -+ endIndex = end->index;
> -+ break;
> - case XPATH_RANGE:
> -+ endNode = end->user2;
> -+ endIndex = end->index2;
> - break;
> - case XPATH_NODESET:
> - /*
> -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> - */
> - if (end->nodesetval->nodeNr <= 0)
> - return(NULL);
> -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
> -+ endIndex = -1;
> - break;
> - default:
> - /* TODO */
> - return(NULL);
> - }
> -
> -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
> -- if (ret == NULL) {
> -- xmlXPtrErrMemory("allocating range");
> -- return(NULL);
> -- }
> -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
> -- ret->type = XPATH_RANGE;
> -- ret->user = start;
> -- ret->index = -1;
> -- switch (end->type) {
> -- case XPATH_POINT:
> -- ret->user2 = end->user;
> -- ret->index2 = end->index;
> -- break;
> -- case XPATH_RANGE:
> -- ret->user2 = end->user2;
> -- ret->index2 = end->index2;
> -- break;
> -- case XPATH_NODESET: {
> -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
> -- ret->index2 = -1;
> -- break;
> -- }
> -- default:
> -- STRANGE
> -- return(NULL);
> -- }
> -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
> - xmlXPtrRangeCheckOrder(ret);
> - return(ret);
> - }
> -@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> -@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - case XPATH_RANGE: {
> - xmlNodePtr node = tmp->user2;
> - if (node != NULL) {
> -- if (node->type == XML_ATTRIBUTE_NODE) {
> -- /* TODO: Namespace Nodes ??? */
> -+ if ((node->type == XML_ATTRIBUTE_NODE) ||
> -+ (node->type == XML_NAMESPACE_DECL)) {
> - xmlXPathFreeObject(obj);
> - xmlXPtrFreeLocationSet(newset);
> - XP_ERROR(XPTR_SYNTAX_ERROR);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> deleted file mode 100644
> index 9d47d02..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
> +++ /dev/null
> @@ -1,180 +0,0 @@
> -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
> -From: Nick Wellnhofer <wellnhofer@aevum.de>
> -Date: Tue, 28 Jun 2016 14:22:23 +0200
> -Subject: [PATCH] Fix XPointer paths beginning with range-to
> -
> -The old code would invoke the broken xmlXPtrRangeToFunction. range-to
> -isn't really a function but a special kind of location step. Remove
> -this function and always handle range-to in the XPath code.
> -
> -The old xmlXPtrRangeToFunction could also be abused to trigger a
> -use-after-free error with the potential for remote code execution.
> -
> -Found with afl-fuzz.
> -
> -Fixes CVE-2016-5131.
> -
> -CVE: CVE-2016-5131
> -Upstream-Status: Backport
> -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
> -
> -Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
> ----
> - result/XPath/xptr/vidbase | 13 ++++++++
> - test/XPath/xptr/vidbase | 1 +
> - xpath.c | 7 ++++-
> - xpointer.c | 76 ++++-------------------------------------------
> - 4 files changed, 26 insertions(+), 71 deletions(-)
> -
> -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
> -index 8b9e92d..f19193e 100644
> ---- a/result/XPath/xptr/vidbase
> -+++ b/result/XPath/xptr/vidbase
> -@@ -17,3 +17,16 @@ Object is a Location Set:
> - To node
> - ELEMENT p
> -
> -+
> -+========================
> -+Expression: xpointer(range-to(id('chapter2')))
> -+Object is a Location Set:
> -+1 : Object is a range :
> -+ From node
> -+ /
> -+ To node
> -+ ELEMENT chapter
> -+ ATTRIBUTE id
> -+ TEXT
> -+ content=chapter2
> -+
> -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
> -index b146383..884b106 100644
> ---- a/test/XPath/xptr/vidbase
> -+++ b/test/XPath/xptr/vidbase
> -@@ -1,2 +1,3 @@
> - xpointer(id('chapter1')/p)
> - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
> -+xpointer(range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index d992841..5a01b1b 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
> - lc = 1;
> - break;
> - } else if ((NXT(len) == '(')) {
> -- /* Note Type or Function */
> -+ /* Node Type or Function */
> - if (xmlXPathIsNodeType(name)) {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> - "PathExpr: Type search\n");
> - #endif
> - lc = 1;
> -+#ifdef LIBXML_XPTR_ENABLED
> -+ } else if (ctxt->xptr &&
> -+ xmlStrEqual(name, BAD_CAST "range-to")) {
> -+ lc = 1;
> -+#endif
> - } else {
> - #ifdef DEBUG_STEP
> - xmlGenericError(xmlGenericErrorContext,
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..d74174a 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
> - ret->here = here;
> - ret->origin = origin;
> -
> -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
> -- xmlXPtrRangeToFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range",
> - xmlXPtrRangeFunction);
> - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
> -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - * @nargs: the number of args
> - *
> - * Implement the range-to() XPointer function
> -+ *
> -+ * Obsolete. range-to is not a real function but a special type of location
> -+ * step which is handled in xpath.c.
> - */
> - void
> --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> -- xmlXPathObjectPtr range;
> -- const xmlChar *cur;
> -- xmlXPathObjectPtr res, obj;
> -- xmlXPathObjectPtr tmp;
> -- xmlLocationSetPtr newset = NULL;
> -- xmlNodeSetPtr oldset;
> -- int i;
> --
> -- if (ctxt == NULL) return;
> -- CHECK_ARITY(1);
> -- /*
> -- * Save the expression pointer since we will have to evaluate
> -- * it multiple times. Initialize the new set.
> -- */
> -- CHECK_TYPE(XPATH_NODESET);
> -- obj = valuePop(ctxt);
> -- oldset = obj->nodesetval;
> -- ctxt->context->node = NULL;
> --
> -- cur = ctxt->cur;
> -- newset = xmlXPtrLocationSetCreate(NULL);
> --
> -- for (i = 0; i < oldset->nodeNr; i++) {
> -- ctxt->cur = cur;
> --
> -- /*
> -- * Run the evaluation with a node list made of a single item
> -- * in the nodeset.
> -- */
> -- ctxt->context->node = oldset->nodeTab[i];
> -- tmp = xmlXPathNewNodeSet(ctxt->context->node);
> -- valuePush(ctxt, tmp);
> --
> -- xmlXPathEvalExpr(ctxt);
> -- CHECK_ERROR;
> --
> -- /*
> -- * The result of the evaluation need to be tested to
> -- * decided whether the filter succeeded or not
> -- */
> -- res = valuePop(ctxt);
> -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
> -- if (range != NULL) {
> -- xmlXPtrLocationSetAdd(newset, range);
> -- }
> --
> -- /*
> -- * Cleanup
> -- */
> -- if (res != NULL)
> -- xmlXPathFreeObject(res);
> -- if (ctxt->value == tmp) {
> -- res = valuePop(ctxt);
> -- xmlXPathFreeObject(res);
> -- }
> --
> -- ctxt->context->node = NULL;
> -- }
> --
> -- /*
> -- * The result is used as the new evaluation set.
> -- */
> -- xmlXPathFreeObject(obj);
> -- ctxt->context->node = NULL;
> -- ctxt->context->contextSize = -1;
> -- ctxt->context->proximityPosition = -1;
> -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
> -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
> -+ int nargs ATTRIBUTE_UNUSED) {
> -+ XP_ERROR(XPATH_EXPR_ERROR);
> - }
> -
> - /**
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> deleted file mode 100644
> index 0108265..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -libxml2: Fix CVE-2017-0663
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
> -
> -valid: Fix type confusion in xmlValidateOneNamespace
> -
> -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
> -on namespace declarations make no practical sense anyway.
> -
> -Fixes bug 780228
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
> -CVE: CVE-2017-0663
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..e03d35e 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
> - }
> - }
> -
> -+ /*
> -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
> -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
> -+ * no practical sense to use ID types anyway.
> -+ */
> -+#if 0
> - /* Validity Constraint: ID uniqueness */
> - if (attrDecl->atype == XML_ATTRIBUTE_ID) {
> - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> -@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
> - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
> - ret = 0;
> - }
> -+#endif
> -
> - /* Validity Constraint: Notation Attributes */
> - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> deleted file mode 100644
> index 571b05c..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
> +++ /dev/null
> @@ -1,62 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-5969
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
> -
> -valid: Fix NULL pointer deref in xmlDumpElementContent
> -
> -Can only be triggered in recovery mode.
> -
> -Fixes bug 758422
> -
> -Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
> -CVE: CVE-2017-5969
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..0a8e58a 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
> - xmlBufferWriteCHAR(buf, content->name);
> - break;
> - case XML_ELEMENT_CONTENT_SEQ:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " , ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> - break;
> - case XML_ELEMENT_CONTENT_OR:
> -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -+ if ((content->c1 != NULL) &&
> -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
> - xmlDumpElementContent(buf, content->c1, 1);
> - else
> - xmlDumpElementContent(buf, content->c1, 0);
> - xmlBufferWriteChar(buf, " | ");
> -- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
> -+ if ((content->c2 != NULL) &&
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
> -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
> -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
> - xmlDumpElementContent(buf, content->c2, 1);
> - else
> - xmlDumpElementContent(buf, content->c2, 0);
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> deleted file mode 100644
> index 26779aa..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia <hongxu.jia@windriver.com>
> -Date: Wed, 23 Aug 2017 16:04:49 +0800
> -Subject: [PATCH] fix CVE-2017-8872
> -
> -this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
> -il too here.
> -
> -this seems to cure this specific issue, and also passes the testsuite
> -
> -Signed-off-by: Marcus Meissner <meissner@suse.de>
> -
> -https://bugzilla.gnome.org/show_bug.cgi?id=775200
> -Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
> -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ----
> - parser.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/parser.c b/parser.c
> -index 9506ead..6c07ffd 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
> - }
> - ctxt->input->cur = BAD_CAST"";
> - ctxt->input->base = ctxt->input->cur;
> -+ if (ctxt->input->buf) {
> -+ xmlBufEmpty (ctxt->input->buf->buffer);
> -+ } else
> -+ ctxt->input->length = 0;
> - }
> - }
> -
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> deleted file mode 100644
> index 8b03456..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
> +++ /dev/null
> @@ -1,103 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
> -
> -valid: Fix buffer size checks in xmlSnprintfElementContent
> -
> -xmlSnprintfElementContent failed to correctly check the available
> -buffer space in two locations.
> -
> -Fixes bug 781333 and bug 781701
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
> -CVE: CVE-2017-9047 CVE-2017-9048
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/result/valid/781333.xml b/result/valid/781333.xml
> -new file mode 100644
> -index 0000000..01baf11
> ---- /dev/null
> -+++ b/result/valid/781333.xml
> -@@ -0,0 +1,5 @@
> -+<?xml version="1.0"?>
> -+<!DOCTYPE a [
> -+<!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
> -new file mode 100644
> -index 0000000..2176200
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err
> -@@ -0,0 +1,3 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
> -new file mode 100644
> -index 0000000..1195a04
> ---- /dev/null
> -+++ b/result/valid/781333.xml.err.rdr
> -@@ -0,0 +1,6 @@
> -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
> -+<a/>
> -+ ^
> -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
> -+
> -+^
> -diff --git a/test/valid/781333.xml b/test/valid/781333.xml
> -new file mode 100644
> -index 0000000..bceac9c
> ---- /dev/null
> -+++ b/test/valid/781333.xml
> -@@ -0,0 +1,4 @@
> -+<!DOCTYPE a [
> -+ <!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
> pppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
> lllllllllllllllllllllllllllllllllllll)>
> -+]>
> -+<a/>
> -diff --git a/valid.c b/valid.c
> -index 19f84b8..aaa30f6 100644
> ---- a/valid.c
> -+++ b/valid.c
> -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
> - case XML_ELEMENT_CONTENT_PCDATA:
> - strcat(buf, "#PCDATA");
> - break;
> -- case XML_ELEMENT_CONTENT_ELEMENT:
> -+ case XML_ELEMENT_CONTENT_ELEMENT: {
> -+ int qnameLen = xmlStrlen(content->name);
> -+
> -+ if (content->prefix != NULL)
> -+ qnameLen += xmlStrlen(content->prefix) + 1;
> -+ if (size - len < qnameLen + 10) {
> -+ strcat(buf, " ...");
> -+ return;
> -+ }
> - if (content->prefix != NULL) {
> -- if (size - len < xmlStrlen(content->prefix) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - strcat(buf, (char *) content->prefix);
> - strcat(buf, ":");
> - }
> -- if (size - len < xmlStrlen(content->name) + 10) {
> -- strcat(buf, " ...");
> -- return;
> -- }
> - if (content->name != NULL)
> - strcat(buf, (char *) content->name);
> - break;
> -+ }
> - case XML_ELEMENT_CONTENT_SEQ:
> - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
> - (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
> -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
> - xmlSnprintfElementContent(buf, size, content->c2, 0);
> - break;
> - }
> -+ if (size - strlen(buf) <= 2) return;
> - if (englob)
> - strcat(buf, ")");
> - switch (content->ocur) {
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> deleted file mode 100644
> index 591075d..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
> +++ /dev/null
> @@ -1,291 +0,0 @@
> -libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
> -
> -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
> - -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
> -
> -parser: Fix handling of parameter-entity references
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -Percent sign in DTD Names
> -=========================
> -
> -The NEXTL macro used to call xmlParserHandlePEReference. When parsing
> -"complex" names inside the DTD, this could result in entity expansion
> -which created a new input buffer. The fix is to simply remove the call
> -to xmlParserHandlePEReference from the NEXTL macro. This is safe because
> -no users of the macro require expansion of parameter entities.
> -
> -- xmlParseNameComplex
> -- xmlParseNCNameComplex
> -- xmlParseNmtoken
> -
> -The percent sign is not allowed in names, which are grammatical tokens.
> -
> -- xmlParseEntityValue
> -
> -Parameter-entity references in entity values are expanded but this
> -happens in a separate step in this function.
> -
> -- xmlParseSystemLiteral
> -
> -Parameter-entity references are ignored in the system literal.
> -
> -- xmlParseAttValueComplex
> -- xmlParseCharDataComplex
> -- xmlParseCommentComplex
> -- xmlParsePI
> -- xmlParseCDSect
> -
> -Parameter-entity references are ignored outside the DTD.
> -
> -- xmlLoadEntityContent
> -
> -This function is only called from xmlStringLenDecodeEntities and
> -entities are replaced in a separate step immediately after the function
> -call.
> -
> -This bug could also be triggered with an internal subset and double
> -entity expansion.
> -
> -This fixes bug 766956 initially reported by Wei Lei and independently by
> -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
> -involved.
> -
> -xmlParseNameComplex with XML_PARSE_OLD10
> -========================================
> -
> -When parsing Names inside an expanded parameter entity with the
> -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
> -GROW macro if the input buffer was exhausted. At the end of the
> -parameter entity's replacement text, this function would then call
> -xmlPopInput which invalidated the input buffer.
> -
> -There should be no need to invoke GROW in this situation because the
> -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
> -at least for UTF-8, in xmlCurrentChar. This also matches the code path
> -executed when XML_PARSE_OLD10 is not set.
> -
> -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
> -Thanks to Marcel Böhme and Thuan Pham for the report.
> -
> -Additional hardening
> -====================
> -
> -A separate check was added in xmlParseNameComplex to validate the
> -buffer size.
> -
> -Fixes bug 781205 and bug 781361
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
> -CVE: CVE-2017-9049 CVE-2017-9050
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/Makefile.am b/Makefile.am
> -index 9f988b0..dab15a4 100644
> ---- a/Makefile.am
> -+++ b/Makefile.am
> -@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
> - if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
> - rm result.$$name error.$$name ; \
> - fi ; fi ; done)
> -+ @echo "## Error cases regression tests (old 1.0)"
> -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
> -+ name=`basename $$i`; \
> -+ if [ ! -d $$i ] ; then \
> -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
> -+ echo New test file $$name ; \
> -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
> -+ 2> $(srcdir)/result/errors10/$$name.err \
> -+ > $(srcdir)/result/errors10/$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
> -+ else \
> -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
> -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
> -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
> -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
> -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
> -+ rm result.$$name error.$$name ; \
> -+ fi ; fi ; done)
> - @echo "## Error cases stream regression tests"
> - -@(for i in $(srcdir)/test/errors/*.xml ; do \
> - name=`basename $$i`; \
> -diff --git a/parser.c b/parser.c
> -index 609a270..8e11c12 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
> - ctxt->input->line++; ctxt->input->col = 1; \
> - } else ctxt->input->col++; \
> - ctxt->input->cur += l; \
> -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
> - } while (0)
> -
> - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
> -@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - len += l;
> - NEXTL(l);
> - c = CUR_CHAR(l);
> -- if (c == 0) {
> -- count = 0;
> -- GROW;
> -- if (ctxt->instate == XML_PARSER_EOF)
> -- return(NULL);
> -- c = CUR_CHAR(l);
> -- }
> - }
> - }
> - if ((len > XML_MAX_NAME_LENGTH) &&
> -@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
> - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
> - return(NULL);
> - }
> -+ if (ctxt->input->cur - ctxt->input->base < len) {
> -+ /*
> -+ * There were a couple of bugs where PERefs lead to to a change
> -+ * of the buffer. Check the buffer size to avoid passing an invalid
> -+ * pointer to xmlDictLookup.
> -+ */
> -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
> -+ "unexpected change of input buffer");
> -+ return (NULL);
> -+ }
> - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
> - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
> -new file mode 100644
> -index 0000000..da15c3f
> ---- /dev/null
> -+++ b/result/errors10/781205.xml.err
> -@@ -0,0 +1,21 @@
> -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
> -+
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+Entity: line 1: parser error : DOCTYPE improperly terminated
> -+ %a;
> -+ ^
> -+Entity: line 1:
> -+<:0000
> -+^
> -+namespace error : Failed to parse QName ':0000'
> -+ %a;
> -+ ^
> -+<:0000
> -+ ^
> -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
> -+
> -+^
> -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
> -new file mode 100644
> -index 0000000..655f41a
> ---- /dev/null
> -+++ b/result/errors10/781361.xml.err
> -@@ -0,0 +1,13 @@
> -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
> -+
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
> -+
> -+^
> -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
> -+
> -+^
> -diff --git a/result/valid/766956.xml b/result/valid/766956.xml
> -new file mode 100644
> -index 0000000..e69de29
> -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
> -new file mode 100644
> -index 0000000..34b1dae
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err
> -@@ -0,0 +1,9 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
> -new file mode 100644
> -index 0000000..7760346
> ---- /dev/null
> -+++ b/result/valid/766956.xml.err.rdr
> -@@ -0,0 +1,10 @@
> -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
> -+%ä%ent;
> -+ ^
> -+Entity: line 1: parser error : Content error in the external subset
> -+ %ent;
> -+ ^
> -+Entity: line 1:
> -+value
> -+^
> -+./test/valid/766956.xml : failed to parse
> -diff --git a/runtest.c b/runtest.c
> -index bb74d2a..63e8c20 100644
> ---- a/runtest.c
> -+++ b/runtest.c
> -@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
> - { "Error cases regression tests",
> - errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
> - 0 },
> -+ { "Error cases regression tests (old 1.0)",
> -+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
> -+ XML_PARSE_OLD10 },
> - #ifdef LIBXML_READER_ENABLED
> - { "Error cases stream regression tests",
> - streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
> -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
> -new file mode 100644
> -index 0000000..d9e9e83
> ---- /dev/null
> -+++ b/test/errors10/781205.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE D [
> -+ <!ENTITY % a "<:0000">
> -+ %a;
> -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
> -new file mode 100644
> -index 0000000..67476bc
> ---- /dev/null
> -+++ b/test/errors10/781361.xml
> -@@ -0,0 +1,3 @@
> -+<!DOCTYPE doc [
> -+ <!ENTITY % elem "<!ELEMENT e0000000000">
> -+ %elem;
> -diff --git a/test/valid/766956.xml b/test/valid/766956.xml
> -new file mode 100644
> -index 0000000..19a95a0
> ---- /dev/null
> -+++ b/test/valid/766956.xml
> -@@ -0,0 +1,2 @@
> -+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
> -+<test/>
> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
> -new file mode 100644
> -index 0000000..dddde68
> ---- /dev/null
> -+++ b/test/valid/dtds/766956.dtd
> -@@ -0,0 +1,2 @@
> -+<!ENTITY % ent "value">
> -+%ä%ent;
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> deleted file mode 100644
> index c60e32f..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
> +++ /dev/null
> @@ -1,45 +0,0 @@
> -libxml2-2.9.4: Fix more NULL pointer derefs
> -
> -xpointer: Fix more NULL pointer derefs
> -
> -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/xpointer.c b/xpointer.c
> -index 676c510..074db24 100644
> ---- a/xpointer.c
> -+++ b/xpointer.c
> -@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
> - /*
> - * Empty set ...
> - */
> -- if (end->nodesetval->nodeNr <= 0)
> -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
> - return(NULL);
> - break;
> - default:
> -@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
> - */
> - xmlNodeSetPtr set;
> - set = tmp->nodesetval;
> -- if ((set->nodeNr != 1) ||
> -+ if ((set == NULL) || (set->nodeNr != 1) ||
> - (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
> - stack++;
> - } else
> -@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
> - xmlXPathFreeObject(set);
> - XP_ERROR(XPATH_MEMORY_ERROR);
> - }
> -- for (i = 0;i < oldset->locNr;i++) {
> -- xmlXPtrLocationSetAdd(newset,
> -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ if (oldset != NULL) {
> -+ for (i = 0;i < oldset->locNr;i++) {
> -+ xmlXPtrLocationSetAdd(newset,
> -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
> -+ }
> - }
> -
> - /*
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> deleted file mode 100644
> index faa5770..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
> +++ /dev/null
> @@ -1,590 +0,0 @@
> -libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
> -
> -[No upstream tracking]
> -
> -parser: Avoid reparsing in xmlParseStartTag2
> -
> -The code in xmlParseStartTag2 must handle the case that the input
> -buffer was grown and reallocated which can invalidate pointers to
> -attribute values. Before, this was handled by detecting changes of
> -the input buffer "base" pointer and, in case of a change, jumping
> -back to the beginning of the function and reparsing the start tag.
> -
> -The major problem of this approach is that whether an input buffer is
> -reallocated is nondeterministic, resulting in seemingly random test
> -failures. See the mailing list thread "runtest mystery bug: name2.xml
> -error case regression test" from 2012, for example.
> -
> -If a reallocation was detected, the code also made no attempts to
> -continue parsing in case of errors which makes a difference in
> -the lax "recover" mode.
> -
> -Now we store the current input buffer "base" pointer for each (not
> -separately allocated) attribute in the namespace URI field, which isn't
> -used until later. After the whole start tag was parsed, the pointers to
> -the attribute values are reconstructed using the offset between the
> -new and the old input buffer. This relies on arithmetic on dangling
> -pointers which is technically undefined behavior. But it seems like
> -the easiest and most efficient fix and a similar approach is used in
> -xmlParserInputGrow.
> -
> -This changes the error output of several tests, typically making it
> -more verbose because we try harder to continue parsing in case of errors.
> -
> -(Another possible solution is to check not only the "base" pointer
> -but the size of the input buffer as well. But this would result in
> -even more reparsing.)
> -
> -Remove some goto labels and deduplicate a bit of code after handling
> -namespaces.
> -
> -There were two bugs where parameter-entity references could lead to an
> -unexpected change of the input buffer in xmlParseNameComplex and
> -xmlDictLookup being called with an invalid pointer.
> -
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/parser.c b/parser.c
> -index 609a270..74016e3 100644
> ---- a/parser.c
> -+++ b/parser.c
> -@@ -43,6 +43,7 @@
> - #include <limits.h>
> - #include <string.h>
> - #include <stdarg.h>
> -+#include <stddef.h>
> - #include <libxml/xmlmemory.h>
> - #include <libxml/threads.h>
> - #include <libxml/globals.h>
> -@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
> - const xmlChar **atts = ctxt->atts;
> - int maxatts = ctxt->maxatts;
> - int nratts, nbatts, nbdef;
> -- int i, j, nbNs, attval, oldline, oldcol, inputNr;
> -- const xmlChar *base;
> -+ int i, j, nbNs, attval;
> - unsigned long cur;
> - int nsNr = ctxt->nsNr;
> -
> -@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
> - * The Shrinking is only possible once the full set of attribute
> - * callbacks have been done.
> - */
> --reparse:
> - SHRINK;
> -- base = ctxt->input->base;
> - cur = ctxt->input->cur - ctxt->input->base;
> -- inputNr = ctxt->inputNr;
> -- oldline = ctxt->input->line;
> -- oldcol = ctxt->input->col;
> - nbatts = 0;
> - nratts = 0;
> - nbdef = 0;
> -@@ -9422,8 +9417,6 @@ reparse:
> - */
> - SKIP_BLANKS;
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -
> - while (((RAW != '>') &&
> - ((RAW != '/') || (NXT(1) != '>')) &&
> -@@ -9434,203 +9427,174 @@ reparse:
> -
> - attname = xmlParseAttribute2(ctxt, prefix, localname,
> - &aprefix, &attvalue, &len, &alloc);
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- goto base_changed;
> -- }
> -- if ((attname != NULL) && (attvalue != NULL)) {
> -- if (len < 0) len = xmlStrlen(attvalue);
> -- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -- xmlURIPtr uri;
> --
> -- if (URL == NULL) {
> -- xmlErrMemory(ctxt, "dictionary allocation failure");
> -- if ((attvalue != NULL) && (alloc != 0))
> -- xmlFree(attvalue);
> -- return(NULL);
> -- }
> -- if (*URL != 0) {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns: '%s' is not a valid URI\n",
> -- URL, NULL, NULL);
> -- } else {
> -- if (uri->scheme == NULL) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns: URI %s is not absolute\n",
> -- URL, NULL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI cannot be the default namespace\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_default_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_default_ns;
> -- }
> -- }
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, NULL, attname);
> -- else
> -- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> --skip_default_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -- if (aprefix == ctxt->str_xmlns) {
> -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -- xmlURIPtr uri;
> --
> -- if (attname == ctxt->str_xml) {
> -- if (URL != ctxt->str_xml_ns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace prefix mapped to wrong URI\n",
> -- NULL, NULL, NULL);
> -- }
> -- /*
> -- * Do not keep a namespace definition node
> -- */
> -- goto skip_ns;
> -- }
> -+ if ((attname == NULL) || (attvalue == NULL))
> -+ goto next_attr;
> -+ if (len < 0) len = xmlStrlen(attvalue);
> -+
> -+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -+ xmlURIPtr uri;
> -+
> -+ if (URL == NULL) {
> -+ xmlErrMemory(ctxt, "dictionary allocation failure");
> -+ if ((attvalue != NULL) && (alloc != 0))
> -+ xmlFree(attvalue);
> -+ return(NULL);
> -+ }
> -+ if (*URL != 0) {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns: '%s' is not a valid URI\n",
> -+ URL, NULL, NULL);
> -+ } else {
> -+ if (uri->scheme == NULL) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns: URI %s is not absolute\n",
> -+ URL, NULL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> - if (URL == ctxt->str_xml_ns) {
> -- if (attname != ctxt->str_xml) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xml namespace URI mapped to wrong prefix\n",
> -- NULL, NULL, NULL);
> -- }
> -- goto skip_ns;
> -- }
> -- if (attname == ctxt->str_xmlns) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "redefinition of the xmlns prefix is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((len == 29) &&
> -- (xmlStrEqual(URL,
> -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "reuse of the xmlns namespace name is forbidden\n",
> -- NULL, NULL, NULL);
> -- goto skip_ns;
> -- }
> -- if ((URL == NULL) || (URL[0] == 0)) {
> -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -- "xmlns:%s: Empty XML namespace is not allowed\n",
> -- attname, NULL, NULL);
> -- goto skip_ns;
> -- } else {
> -- uri = xmlParseURI((const char *) URL);
> -- if (uri == NULL) {
> -- xmlNsErr(ctxt, XML_WAR_NS_URI,
> -- "xmlns:%s: '%s' is not a valid URI\n",
> -- attname, URL, NULL);
> -- } else {
> -- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -- "xmlns:%s: URI %s is not absolute\n",
> -- attname, URL, NULL);
> -- }
> -- xmlFreeURI(uri);
> -- }
> -- }
> --
> -- /*
> -- * check that it's not a defined namespace
> -- */
> -- for (j = 1;j <= nbNs;j++)
> -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -- break;
> -- if (j <= nbNs)
> -- xmlErrAttributeDup(ctxt, aprefix, attname);
> -- else
> -- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> --skip_ns:
> -- if ((attvalue != NULL) && (alloc != 0)) {
> -- xmlFree(attvalue);
> -- attvalue = NULL;
> -- }
> -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> -- break;
> -- if (!IS_BLANK_CH(RAW)) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
> -- "attributes construct error\n");
> -- break;
> -- }
> -- SKIP_BLANKS;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -- continue;
> -- }
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI cannot be the default namespace\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, NULL, attname);
> -+ else
> -+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
> -+
> -+ } else if (aprefix == ctxt->str_xmlns) {
> -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
> -+ xmlURIPtr uri;
> -+
> -+ if (attname == ctxt->str_xml) {
> -+ if (URL != ctxt->str_xml_ns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace prefix mapped to wrong URI\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ /*
> -+ * Do not keep a namespace definition node
> -+ */
> -+ goto next_attr;
> -+ }
> -+ if (URL == ctxt->str_xml_ns) {
> -+ if (attname != ctxt->str_xml) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xml namespace URI mapped to wrong prefix\n",
> -+ NULL, NULL, NULL);
> -+ }
> -+ goto next_attr;
> -+ }
> -+ if (attname == ctxt->str_xmlns) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "redefinition of the xmlns prefix is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((len == 29) &&
> -+ (xmlStrEqual(URL,
> -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "reuse of the xmlns namespace name is forbidden\n",
> -+ NULL, NULL, NULL);
> -+ goto next_attr;
> -+ }
> -+ if ((URL == NULL) || (URL[0] == 0)) {
> -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
> -+ "xmlns:%s: Empty XML namespace is not allowed\n",
> -+ attname, NULL, NULL);
> -+ goto next_attr;
> -+ } else {
> -+ uri = xmlParseURI((const char *) URL);
> -+ if (uri == NULL) {
> -+ xmlNsErr(ctxt, XML_WAR_NS_URI,
> -+ "xmlns:%s: '%s' is not a valid URI\n",
> -+ attname, URL, NULL);
> -+ } else {
> -+ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
> -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
> -+ "xmlns:%s: URI %s is not absolute\n",
> -+ attname, URL, NULL);
> -+ }
> -+ xmlFreeURI(uri);
> -+ }
> -+ }
> -
> -- /*
> -- * Add the pair to atts
> -- */
> -- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -- if (attvalue[len] == 0)
> -- xmlFree(attvalue);
> -- goto failed;
> -- }
> -- maxatts = ctxt->maxatts;
> -- atts = ctxt->atts;
> -- }
> -- ctxt->attallocs[nratts++] = alloc;
> -- atts[nbatts++] = attname;
> -- atts[nbatts++] = aprefix;
> -- atts[nbatts++] = NULL; /* the URI will be fetched later */
> -- atts[nbatts++] = attvalue;
> -- attvalue += len;
> -- atts[nbatts++] = attvalue;
> -- /*
> -- * tag if some deallocation is needed
> -- */
> -- if (alloc != 0) attval = 1;
> -- } else {
> -- if ((attvalue != NULL) && (attvalue[len] == 0))
> -- xmlFree(attvalue);
> -- }
> -+ /*
> -+ * check that it's not a defined namespace
> -+ */
> -+ for (j = 1;j <= nbNs;j++)
> -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
> -+ break;
> -+ if (j <= nbNs)
> -+ xmlErrAttributeDup(ctxt, aprefix, attname);
> -+ else
> -+ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
> -+
> -+ } else {
> -+ /*
> -+ * Add the pair to atts
> -+ */
> -+ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
> -+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
> -+ goto next_attr;
> -+ }
> -+ maxatts = ctxt->maxatts;
> -+ atts = ctxt->atts;
> -+ }
> -+ ctxt->attallocs[nratts++] = alloc;
> -+ atts[nbatts++] = attname;
> -+ atts[nbatts++] = aprefix;
> -+ /*
> -+ * The namespace URI field is used temporarily to point at the
> -+ * base of the current input buffer for non-alloced attributes.
> -+ * When the input buffer is reallocated, all the pointers become
> -+ * invalid, but they can be reconstructed later.
> -+ */
> -+ if (alloc)
> -+ atts[nbatts++] = NULL;
> -+ else
> -+ atts[nbatts++] = ctxt->input->base;
> -+ atts[nbatts++] = attvalue;
> -+ attvalue += len;
> -+ atts[nbatts++] = attvalue;
> -+ /*
> -+ * tag if some deallocation is needed
> -+ */
> -+ if (alloc != 0) attval = 1;
> -+ attvalue = NULL; /* moved into atts */
> -+ }
> -
> --failed:
> -+next_attr:
> -+ if ((attvalue != NULL) && (alloc != 0)) {
> -+ xmlFree(attvalue);
> -+ attvalue = NULL;
> -+ }
> -
> - GROW
> - if (ctxt->instate == XML_PARSER_EOF)
> - break;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> - if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
> - break;
> - if (!IS_BLANK_CH(RAW)) {
> -@@ -9646,8 +9610,20 @@ failed:
> - break;
> - }
> - GROW;
> -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
> -- goto base_changed;
> -+ }
> -+
> -+ /* Reconstruct attribute value pointers. */
> -+ for (i = 0, j = 0; j < nratts; i += 5, j++) {
> -+ if (atts[i+2] != NULL) {
> -+ /*
> -+ * Arithmetic on dangling pointers is technically undefined
> -+ * behavior, but well...
> -+ */
> -+ ptrdiff_t offset = ctxt->input->base - atts[i+2];
> -+ atts[i+2] = NULL; /* Reset repurposed namespace URI */
> -+ atts[i+3] += offset; /* value */
> -+ atts[i+4] += offset; /* valuend */
> -+ }
> - }
> -
> - /*
> -@@ -9804,34 +9780,6 @@ failed:
> - }
> -
> - return(localname);
> --
> --base_changed:
> -- /*
> -- * the attribute strings are valid iif the base didn't changed
> -- */
> -- if (attval != 0) {
> -- for (i = 3,j = 0; j < nratts;i += 5,j++)
> -- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
> -- xmlFree((xmlChar *) atts[i]);
> -- }
> --
> -- /*
> -- * We can't switch from one entity to another in the middle
> -- * of a start tag
> -- */
> -- if (inputNr != ctxt->inputNr) {
> -- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
> -- "Start tag doesn't start and stop in the same entity\n");
> -- return(NULL);
> -- }
> --
> -- ctxt->input->cur = ctxt->input->base + cur;
> -- ctxt->input->line = oldline;
> -- ctxt->input->col = oldcol;
> -- if (ctxt->wellFormed == 1) {
> -- goto reparse;
> -- }
> -- return(NULL);
> - }
> -
> - /**
> -diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
> -index e08d9bf..f6036a3 100644
> ---- a/result/errors/759398.xml.err
> -+++ b/result/errors/759398.xml.err
> -@@ -1,9 +1,12 @@
> - ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
> - need to worry about parsers whi<! don't expand PErefs finding
> - ^
> --./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
> -+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№
> №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№�
> ��№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№�
> �№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m line 308 and termdef
> - and provide access to their content and structure.</termdef> <termdef
> - ^
> --./test/errors/759398.xml:309: parser error : Extra content at the end of the document
> --and provide access to their content and structure.</termdef> <termdef
> -- ^
> -+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
> -+data and the information it must provide to the application.</p>
> -+ ^
> -+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
> -+<div2 id='sec-origin-goals'>
> -+^
> -diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
> -index 4f08538..c4c4fc8 100644
> ---- a/result/errors/attr1.xml.err
> -+++ b/result/errors/attr1.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
> --<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/attr1.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
> -+
> -+^
> -diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
> -index c8a9c7d..77e342e 100644
> ---- a/result/errors/attr2.xml.err
> -+++ b/result/errors/attr2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
> -
> - ^
> --./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
> --<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/attr2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
> -+
> -+^
> -diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
> -index a6649a1..8a6acee 100644
> ---- a/result/errors/name2.xml.err
> -+++ b/result/errors/name2.xml.err
> -@@ -1,6 +1,9 @@
> - ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute fooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -
> - ^
> --./test/errors/name2.xml:1: parser error : Extra content at the end of the document
> --<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> -- ^
> -+./test/errors/name2.xml:2: parser error : attributes construct error
> -+
> -+^
> -+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
> -+
> -+^
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> deleted file mode 100644
> index 65f6bef..0000000
> --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
> +++ /dev/null
> @@ -1,67 +0,0 @@
> -libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
> -
> -xpath:
> - - Check for errors after evaluating first operand.
> - - Add sanity check for empty stack.
> - - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
> -
> -Upstream-Status: Backport
> - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
> - - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
> -CVE: CVE-2016-5131
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> -
> -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..d589882
> ---- /dev/null
> -+++ b/result/XPath/xptr/viderror
> -@@ -0,0 +1,4 @@
> -+
> -+========================
> -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
> -+Object is empty (NULL)
> -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
> -new file mode 100644
> -index 0000000..da8c53b
> ---- /dev/null
> -+++ b/test/XPath/xptr/viderror
> -@@ -0,0 +1 @@
> -+xpointer(non-existing-fn()/range-to(id('chapter2')))
> -diff --git a/xpath.c b/xpath.c
> -index 113bce6..d992841 100644
> ---- a/xpath.c
> -+++ b/xpath.c
> -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
> - * compute depth to root
> - */
> - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node1)
> -+ if (cur->parent == node1)
> - return(1);
> - depth2++;
> - }
> - root = cur;
> - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
> -- if (cur == node2)
> -+ if (cur->parent == node2)
> - return(-1);
> - depth1++;
> - }
> -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
> - xmlNodeSetPtr oldset;
> - int i, j;
> -
> -- if (op->ch1 != -1)
> -+ if (op->ch1 != -1) {
> - total +=
> - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
> -+ CHECK_ERROR0;
> -+ }
> -+ if (ctxt->value == NULL) {
> -+ XP_ERROR0(XPATH_INVALID_OPERAND);
> -+ }
> - if (op->ch2 == -1)
> - return (total);
> -
> diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
> index 6e56857..cb171d5 100644
> --- a/meta/recipes-core/libxml/libxml2/runtest.patch
> +++ b/meta/recipes-core/libxml/libxml2/runtest.patch
> @@ -2,47 +2,29 @@ Add 'install-ptest' rule.
> Print a standard result line for each test.
>
> Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
> -Signed-off-by: Andrej Valek <andrej.valek@enea.com>
> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> Upstream-Status: Backport
>
> diff -uNr a/Makefile.am b/Makefile.am
> ---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
> -+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
> -@@ -202,10 +202,24 @@
> +--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200
> ++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200
> +@@ -202,6 +202,15 @@
> #testOOM_DEPENDENCIES = $(DEPS)
> #testOOM_LDADD= $(LDADDS)
>
> +install-ptest:
> + @(if [ -d .libs ] ; then cd .libs; fi; \
> -+ install $(noinst_PROGRAMS) $(DESTDIR))
> ++ install $(check_PROGRAMS) $(DESTDIR))
> + cp -r $(srcdir)/test $(DESTDIR)
> + cp -r $(srcdir)/result $(DESTDIR)
> + cp -r $(srcdir)/python $(DESTDIR)
> + cp Makefile $(DESTDIR)
> + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
> +
> - runtests:
> + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
> + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
> [ -d test ] || $(LN_S) $(srcdir)/test .
> - [ -d result ] || $(LN_S) $(srcdir)/result .
> -- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
> -+ $(CHECKER) ./runtest$(EXEEXT) && \
> -+ $(CHECKER) ./testrecurse$(EXEEXT) && \
> -+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
> -+ $(CHECKER) ./testchar$(EXEEXT) && \
> -+ $(CHECKER) ./testdict$(EXEEXT) && \
> -+ $(CHECKER) ./runxmlconf$(EXEEXT)
> - @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
> - $(MAKE) tests ; fi)
> -
> -@@ -229,7 +243,7 @@
> -
> - APItests: testapi$(EXEEXT)
> - @echo "## Running the API regression tests this may take a little while"
> -- -@($(CHECKER) $(top_builddir)/testapi -q)
> -+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
> -
> - HTMLtests : testHTML$(EXEEXT)
> - @(echo > .memdump)
> +
> diff -uNr a/runsuite.c b/runsuite.c
> --- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
> +++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
> diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.7.bb
> similarity index 86%
> rename from meta/recipes-core/libxml/libxml2_2.9.4.bb
> rename to meta/recipes-core/libxml/libxml2_2.9.7.bb
> index 9adb29c..996e671 100644
> --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.9.7.bb
> @@ -19,21 +19,11 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
> file://run-ptest \
> file://python-sitepackages-dir.patch \
> file://libxml-m4-use-pkgconfig.patch \
> - file://libxml2-fix_node_comparison.patch \
> - file://libxml2-CVE-2016-5131.patch \
> - file://libxml2-CVE-2016-4658.patch \
> - file://libxml2-fix_NULL_pointer_derefs.patch \
> - file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
> - file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
> - file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
> - file://libxml2-CVE-2017-5969.patch \
> - file://libxml2-CVE-2017-0663.patch \
> - file://libxml2-CVE-2017-8872.patch \
> file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
> "
>
> -SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
> -SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
> +SRC_URI[libtar.md5sum] = "896608641a08b465098a40ddf51cefba"
> +SRC_URI[libtar.sha256sum] = "f63c5e7d30362ed28b38bfa1ac6313f9a80230720b7fb6c80575eeab3ff5900c"
> SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
> SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
>
> @@ -81,6 +71,10 @@ do_configure_prepend () {
> find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
> }
>
> +do_compile_ptest() {
> + oe_runmake check-am
> +}
> +
> do_install_ptest () {
> cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
> if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
>
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2017-11-06 7:36 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-05 6:35 [PATCH] libxml2: 2.9.4 -> 2.9.5 Andrej Valek
2017-09-05 9:19 ` Burton, Ross
2017-09-05 17:28 ` Andrej Valek
2017-09-05 18:52 ` Burton, Ross
2017-09-06 6:16 ` Andrej Valek
2017-09-27 8:52 ` Andrej Valek
2017-09-27 15:35 ` Burton, Ross
2017-09-28 6:06 ` Andrej Valek
2017-09-28 9:34 ` Burton, Ross
2017-09-28 10:14 ` Andrej Valek
2017-09-28 10:24 ` Burton, Ross
2017-09-28 12:06 ` [PATCH v2] " Andrej Valek
2017-09-28 16:18 ` Burton, Ross
2017-09-29 7:16 ` Andrej Valek
2017-09-29 7:08 ` [PATCH v3] " Andrej Valek
2017-10-06 7:27 ` [PATCH v3] libxml2: 2.9.4 -> 2.9.6 Andrej Valek
2017-10-06 12:11 ` Alexander Kanavin
2017-10-06 13:19 ` Andrej Valek
2017-10-06 13:59 ` Alexander Kanavin
2017-11-06 7:34 ` Andrej Valek
2017-10-09 6:29 ` [PATCH v4] " Andrej Valek
2017-10-31 7:03 ` [PATCH v5] " Andrej Valek
2017-11-03 7:12 ` [PATCH v6] libxml2: 2.9.4 -> 2.9.7 Andrej Valek
2017-11-06 7:37 ` Andrej Valek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.