Security
[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
Fix leak of xmlElementContent (David Kilzer)
Bug fixes
Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex
Improvements
Fix recovery from invalid HTML start tags
Build system, portability
Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build
(From OE-Core rev: 393b81058f3b970eb906a7f9daa842d8a0747700)
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c4ba21f4012e8859fc793bec7df76e56eb8058ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- new version includes fix for CVE-2022-23308
- drop patche which was upstream
- refresh patch
(From OE-Core rev: d687f1ac2017a1cc94ac4733cd46755d5aabd120)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop CVE patches which are fixed by the new upstream version.
Modify conflicting patches to apply to the new versions:
libxml2/libxml-m4-use-pkgconfig.patch
libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
Drop fix-python39, which is merged upstream.
Removed hunk for tstLastError.py from
libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
since it has been fixed upstream by:
8c3e52e: Updated python/tests/tstLastError.py
libxml2.registerErrorHandler(None,None):
None is not acceptable as first argument
failUnlessEqual replaced by assertEqual
The checksums for the licence file changed because a typo was fixed
across the files. The licence remains the same.
The obsolete MD5 checksums for the tar files have been dropped in
favor of SHA256.
The new release also adds fuzz tests, which are removed from the
makefile to allow the ptests to run. Fuzz testing is done upstream
and there is no need to run them as part of ptests which are
intended for functionality testing.
(From OE-Core rev: c7c429d05ca51b0404f09981f6c9bcad7dc33222)
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code: suppose $1 == 2.7:
verdep=ifelse([$1], [], [], [>= $1])
results in:
verdep=>= 2.7
This is wrong in shell:
bash: 2.7: command not found
Use quotation marks to fix the problem.
(From OE-Core rev: 190b57a5f130f8a48d417ad472c0131c49302ee1)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to
use pkg-config.
(From OE-Core rev: 3ea77e69a839572a948ff6f1e51d3ca789ad8eed)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
