[ptxdist] [PATCH] libxml2: version bump 2.9.12 -> 2.9.13

[ptxdist] [PATCH] libxml2: version bump 2.9.12 -> 2.9.13

[Alexander Dahl]

- Security fixes for CVE-2022-23308, use-after-free, null-deref, and memory leaks
- Regression fixes
- Bug fixes
- Improvements in code quality
- Build system fixes
- Documentation updates

One upstream patch had to be added for fixing a build error if
PTXCONF_LIBXML2_DTD is not set and --without-valid is passed to
configure.

The download location and tarball compression format changed.
While the old location is still there, it does not have the new tarball.
The new location however has only tarballs in .xz format, no .gz
anymore.  Thus both have to be changed.

Link: https://mail.gnome.org/archives/xml/2022-February/msg00009.html
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 .../0001-Fix-without-valid-build.patch        | 85 +++++++++++++++++++
 ...200-xml2-config-is-not-SYSROOT-aware.patch |  2 +-
 .../{libxml2-2.9.12 => libxml2-2.9.13}/series |  3 +-
 rules/libxml2.make                            | 12 ++-
 4 files changed, 93 insertions(+), 9 deletions(-)
 create mode 100644 patches/libxml2-2.9.13/0001-Fix-without-valid-build.patch
 rename patches/{libxml2-2.9.12 => libxml2-2.9.13}/0200-xml2-config-is-not-SYSROOT-aware.patch (93%)
 rename patches/{libxml2-2.9.12 => libxml2-2.9.13}/series (62%)

diff --git a/patches/libxml2-2.9.13/0001-Fix-without-valid-build.patch b/patches/libxml2-2.9.13/0001-Fix-without-valid-build.patch
new file mode 100644
index 000000000..121918d66
--- /dev/null
+++ b/patches/libxml2-2.9.13/0001-Fix-without-valid-build.patch
@@ -0,0 +1,85 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 22 Feb 2022 11:51:08 +0100
+Subject: [PATCH] Fix --without-valid build
+
+Regressed in commit 652dd12a.
+---
+ valid.c | 58 +++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 29 insertions(+), 29 deletions(-)
+
+diff --git a/valid.c b/valid.c
+index 8e596f1db3db..9684683a0801 100644
+--- a/valid.c
++++ b/valid.c
+@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
+     return (ret);
+ }
+ 
+-/**
+- * xmlValidNormalizeString:
+- * @str: a string
+- *
+- * Normalize a string in-place.
+- */
+-static void
+-xmlValidNormalizeString(xmlChar *str) {
+-    xmlChar *dst;
+-    const xmlChar *src;
+-
+-    if (str == NULL)
+-        return;
+-    src = str;
+-    dst = str;
+-
+-    while (*src == 0x20) src++;
+-    while (*src != 0) {
+-	if (*src == 0x20) {
+-	    while (*src == 0x20) src++;
+-	    if (*src != 0)
+-		*dst++ = 0x20;
+-	} else {
+-	    *dst++ = *src++;
+-	}
+-    }
+-    *dst = 0;
+-}
+-
+ #ifdef DEBUG_VALID_ALGO
+ static void
+ xmlValidPrintNode(xmlNodePtr cur) {
+@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
+ 	    (xmlDictOwns(dict, (const xmlChar *)(str)) == 0)))	\
+ 	    xmlFree((char *)(str));
+ 
++/**
++ * xmlValidNormalizeString:
++ * @str: a string
++ *
++ * Normalize a string in-place.
++ */
++static void
++xmlValidNormalizeString(xmlChar *str) {
++    xmlChar *dst;
++    const xmlChar *src;
++
++    if (str == NULL)
++        return;
++    src = str;
++    dst = str;
++
++    while (*src == 0x20) src++;
++    while (*src != 0) {
++	if (*src == 0x20) {
++	    while (*src == 0x20) src++;
++	    if (*src != 0)
++		*dst++ = 0x20;
++	} else {
++	    *dst++ = *src++;
++	}
++    }
++    *dst = 0;
++}
++
+ static int
+ xmlIsStreaming(xmlValidCtxtPtr ctxt) {
+     xmlParserCtxtPtr pctxt;
diff --git a/patches/libxml2-2.9.12/0200-xml2-config-is-not-SYSROOT-aware.patch b/patches/libxml2-2.9.13/0200-xml2-config-is-not-SYSROOT-aware.patch
similarity index 93%
rename from patches/libxml2-2.9.12/0200-xml2-config-is-not-SYSROOT-aware.patch
rename to patches/libxml2-2.9.13/0200-xml2-config-is-not-SYSROOT-aware.patch
index 7204497b3..96bd12dbd 100644
--- a/patches/libxml2-2.9.12/0200-xml2-config-is-not-SYSROOT-aware.patch
+++ b/patches/libxml2-2.9.13/0200-xml2-config-is-not-SYSROOT-aware.patch
@@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/xml2-config.in b/xml2-config.in
-index cb4aa613a68c..31f9e67a999b 100644
+index 5863ffa04956..b5effdb2d15e 100644
 --- a/xml2-config.in
 +++ b/xml2-config.in
 @@ -1,6 +1,6 @@
diff --git a/patches/libxml2-2.9.12/series b/patches/libxml2-2.9.13/series
similarity index 62%
rename from patches/libxml2-2.9.12/series
rename to patches/libxml2-2.9.13/series
index 05ba5ddea..7fe2357fb 100644
--- a/patches/libxml2-2.9.12/series
+++ b/patches/libxml2-2.9.13/series
@@ -1,6 +1,7 @@
 # generated by git-ptx-patches
 #tag:base --start-number 1
 #tag:upstream --start-number 1
+0001-Fix-without-valid-build.patch
 #tag:ptx --start-number 200
 0200-xml2-config-is-not-SYSROOT-aware.patch
-# b6720be956d1b4619bc1c347a0ceb1dd  - git-ptx-patches magic
+# df28c85ff842fd7fd31a18d4f65f58f2  - git-ptx-patches magic
diff --git a/rules/libxml2.make b/rules/libxml2.make
index c87a088d0..a38acacc8 100644
--- a/rules/libxml2.make
+++ b/rules/libxml2.make
@@ -16,10 +16,10 @@ PACKAGES-$(PTXCONF_LIBXML2) += libxml2
 #
 # Paths and names
 #
-LIBXML2_VERSION	:= 2.9.12
-LIBXML2_MD5	:= f433a39be087a9f0b197eb2307ad9f75
+LIBXML2_VERSION	:= 2.9.13
+LIBXML2_MD5	:= 824470f8cc325ae6b01f174b842c321f
 LIBXML2		:= libxml2-$(LIBXML2_VERSION)
-LIBXML2_SUFFIX	:= tar.gz
+LIBXML2_SUFFIX	:= tar.xz
 LIBXML2_SOURCE	:= $(SRCDIR)/$(LIBXML2).$(LIBXML2_SUFFIX)
 LIBXML2_DIR	:= $(BUILDDIR)/$(LIBXML2)
 LIBXML2_LICENSE	:= MIT AND ISC
@@ -29,10 +29,7 @@ LIBXML2_LICENSE_FILES := \
 	file://hash.c;startline=6;endline=15;md5=e77f77b12cb69e203d8b4090a0eee879
 
 LIBXML2_URL := \
-	http://xmlsoft.org/sources/$(LIBXML2).$(LIBXML2_SUFFIX) \
-	http://xmlsoft.org/sources/old/$(LIBXML2).$(LIBXML2_SUFFIX) \
-	ftp://xmlsoft.org/libxml2/$(LIBXML2).$(LIBXML2_SUFFIX) \
-	ftp://xmlsoft.org/libxml2/old/$(LIBXML2).$(LIBXML2_SUFFIX)
+	https://download.gnome.org/sources/libxml2/$(basename $(LIBXML2_VERSION))/$(LIBXML2).$(LIBXML2_SUFFIX)
 
 # ----------------------------------------------------------------------------
 # Prepare
@@ -47,6 +44,7 @@ LIBXML2_ENV	:= $(CROSS_ENV)
 LIBXML2_AUTOCONF := \
 	$(CROSS_AUTOCONF_USR) \
 	--disable-static \
+	--disable-rebuild-docs \
 	$(GLOBAL_IPV6_OPTION) \
 	--oldincludedir=$(SYSROOT)/usr/include \
 	--$(call ptx/wwo, PTXCONF_LIBXML2_C14N)-c14n \

base-commit: 553e2798c2c04af0f79d2ebe5ea5d5693aa831b6
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

Re: [ptxdist] [APPLIED] libxml2: version bump 2.9.12 -> 2.9.13

[Michael Olbrich]

Thanks, applied as fd8d4b15c16bdb7456f9089872e70299bd44741c.

Michael

[sent from post-receive hook]

On Mon, 14 Mar 2022 11:14:34 +0100, Alexander Dahl <ada@thorsis.com> wrote:
> - Security fixes for CVE-2022-23308, use-after-free, null-deref, and memory leaks
> - Regression fixes
> - Bug fixes
> - Improvements in code quality
> - Build system fixes
> - Documentation updates
> 
> One upstream patch had to be added for fixing a build error if
> PTXCONF_LIBXML2_DTD is not set and --without-valid is passed to
> configure.
> 
> The download location and tarball compression format changed.
> While the old location is still there, it does not have the new tarball.
> The new location however has only tarballs in .xz format, no .gz
> anymore.  Thus both have to be changed.
> 
> Link: https://mail.gnome.org/archives/xml/2022-February/msg00009.html
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20220309163207.36477-1-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/patches/libxml2-2.9.13/0001-Fix-without-valid-build.patch b/patches/libxml2-2.9.13/0001-Fix-without-valid-build.patch
> new file mode 100644
> index 000000000000..121918d6662b
> --- /dev/null
> +++ b/patches/libxml2-2.9.13/0001-Fix-without-valid-build.patch
> @@ -0,0 +1,85 @@
> +From: Nick Wellnhofer <wellnhofer@aevum.de>
> +Date: Tue, 22 Feb 2022 11:51:08 +0100
> +Subject: [PATCH] Fix --without-valid build
> +
> +Regressed in commit 652dd12a.
> +---
> + valid.c | 58 +++++++++++++++++++++++++++++-----------------------------
> + 1 file changed, 29 insertions(+), 29 deletions(-)
> +
> +diff --git a/valid.c b/valid.c
> +index 8e596f1db3db..9684683a0801 100644
> +--- a/valid.c
> ++++ b/valid.c
> +@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
> +     return (ret);
> + }
> + 
> +-/**
> +- * xmlValidNormalizeString:
> +- * @str: a string
> +- *
> +- * Normalize a string in-place.
> +- */
> +-static void
> +-xmlValidNormalizeString(xmlChar *str) {
> +-    xmlChar *dst;
> +-    const xmlChar *src;
> +-
> +-    if (str == NULL)
> +-        return;
> +-    src = str;
> +-    dst = str;
> +-
> +-    while (*src == 0x20) src++;
> +-    while (*src != 0) {
> +-	if (*src == 0x20) {
> +-	    while (*src == 0x20) src++;
> +-	    if (*src != 0)
> +-		*dst++ = 0x20;
> +-	} else {
> +-	    *dst++ = *src++;
> +-	}
> +-    }
> +-    *dst = 0;
> +-}
> +-
> + #ifdef DEBUG_VALID_ALGO
> + static void
> + xmlValidPrintNode(xmlNodePtr cur) {
> +@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
> + 	    (xmlDictOwns(dict, (const xmlChar *)(str)) == 0)))	\
> + 	    xmlFree((char *)(str));
> + 
> ++/**
> ++ * xmlValidNormalizeString:
> ++ * @str: a string
> ++ *
> ++ * Normalize a string in-place.
> ++ */
> ++static void
> ++xmlValidNormalizeString(xmlChar *str) {
> ++    xmlChar *dst;
> ++    const xmlChar *src;
> ++
> ++    if (str == NULL)
> ++        return;
> ++    src = str;
> ++    dst = str;
> ++
> ++    while (*src == 0x20) src++;
> ++    while (*src != 0) {
> ++	if (*src == 0x20) {
> ++	    while (*src == 0x20) src++;
> ++	    if (*src != 0)
> ++		*dst++ = 0x20;
> ++	} else {
> ++	    *dst++ = *src++;
> ++	}
> ++    }
> ++    *dst = 0;
> ++}
> ++
> + static int
> + xmlIsStreaming(xmlValidCtxtPtr ctxt) {
> +     xmlParserCtxtPtr pctxt;
> diff --git a/patches/libxml2-2.9.12/0200-xml2-config-is-not-SYSROOT-aware.patch b/patches/libxml2-2.9.13/0200-xml2-config-is-not-SYSROOT-aware.patch
> similarity index 93%
> rename from patches/libxml2-2.9.12/0200-xml2-config-is-not-SYSROOT-aware.patch
> rename to patches/libxml2-2.9.13/0200-xml2-config-is-not-SYSROOT-aware.patch
> index 7204497b351a..96bd12dbd44e 100644
> --- a/patches/libxml2-2.9.12/0200-xml2-config-is-not-SYSROOT-aware.patch
> +++ b/patches/libxml2-2.9.13/0200-xml2-config-is-not-SYSROOT-aware.patch
> @@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
>   1 file changed, 1 insertion(+), 1 deletion(-)
>  
>  diff --git a/xml2-config.in b/xml2-config.in
> -index cb4aa613a68c..31f9e67a999b 100644
> +index 5863ffa04956..b5effdb2d15e 100644
>  --- a/xml2-config.in
>  +++ b/xml2-config.in
>  @@ -1,6 +1,6 @@
> diff --git a/patches/libxml2-2.9.12/series b/patches/libxml2-2.9.13/series
> similarity index 62%
> rename from patches/libxml2-2.9.12/series
> rename to patches/libxml2-2.9.13/series
> index 05ba5ddea3dd..7fe2357fbe45 100644
> --- a/patches/libxml2-2.9.12/series
> +++ b/patches/libxml2-2.9.13/series
> @@ -1,6 +1,7 @@
>  # generated by git-ptx-patches
>  #tag:base --start-number 1
>  #tag:upstream --start-number 1
> +0001-Fix-without-valid-build.patch
>  #tag:ptx --start-number 200
>  0200-xml2-config-is-not-SYSROOT-aware.patch
> -# b6720be956d1b4619bc1c347a0ceb1dd  - git-ptx-patches magic
> +# df28c85ff842fd7fd31a18d4f65f58f2  - git-ptx-patches magic
> diff --git a/rules/libxml2.make b/rules/libxml2.make
> index c87a088d0aba..a38acacc8704 100644
> --- a/rules/libxml2.make
> +++ b/rules/libxml2.make
> @@ -16,10 +16,10 @@ PACKAGES-$(PTXCONF_LIBXML2) += libxml2
>  #
>  # Paths and names
>  #
> -LIBXML2_VERSION	:= 2.9.12
> -LIBXML2_MD5	:= f433a39be087a9f0b197eb2307ad9f75
> +LIBXML2_VERSION	:= 2.9.13
> +LIBXML2_MD5	:= 824470f8cc325ae6b01f174b842c321f
>  LIBXML2		:= libxml2-$(LIBXML2_VERSION)
> -LIBXML2_SUFFIX	:= tar.gz
> +LIBXML2_SUFFIX	:= tar.xz
>  LIBXML2_SOURCE	:= $(SRCDIR)/$(LIBXML2).$(LIBXML2_SUFFIX)
>  LIBXML2_DIR	:= $(BUILDDIR)/$(LIBXML2)
>  LIBXML2_LICENSE	:= MIT AND ISC
> @@ -29,10 +29,7 @@ LIBXML2_LICENSE_FILES := \
>  	file://hash.c;startline=6;endline=15;md5=e77f77b12cb69e203d8b4090a0eee879
>  
>  LIBXML2_URL := \
> -	http://xmlsoft.org/sources/$(LIBXML2).$(LIBXML2_SUFFIX) \
> -	http://xmlsoft.org/sources/old/$(LIBXML2).$(LIBXML2_SUFFIX) \
> -	ftp://xmlsoft.org/libxml2/$(LIBXML2).$(LIBXML2_SUFFIX) \
> -	ftp://xmlsoft.org/libxml2/old/$(LIBXML2).$(LIBXML2_SUFFIX)
> +	https://download.gnome.org/sources/libxml2/$(basename $(LIBXML2_VERSION))/$(LIBXML2).$(LIBXML2_SUFFIX)
>  
>  # ----------------------------------------------------------------------------
>  # Prepare
> @@ -47,6 +44,7 @@ LIBXML2_ENV	:= $(CROSS_ENV)
>  LIBXML2_AUTOCONF := \
>  	$(CROSS_AUTOCONF_USR) \
>  	--disable-static \
> +	--disable-rebuild-docs \
>  	$(GLOBAL_IPV6_OPTION) \
>  	--oldincludedir=$(SYSROOT)/usr/include \
>  	--$(call ptx/wwo, PTXCONF_LIBXML2_C14N)-c14n \

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de