main/libxml2: upgrade to 2.9.9

5 files changed, 3 insertions, 210 deletions

diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 29a8a0ca83..120fab4118 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=libxml2
-pkgver=2.9.8
-pkgrel=2
+pkgver=2.9.9
+pkgrel=0
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
@@ -14,9 +14,6 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils
 	py-$pkgname:_py py2-$pkgname:_py py3-$pkgname:_py"
 options="!strip"
 source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
-	CVE-2018-9251-CVE-2018-14567.patch
-	CVE-2018-14404.patch
-	Length-related-XHTML-parsing-errors.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -111,7 +108,4 @@ utils() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="28903282c7672206effa1362fd564cbe4cf5be44264b083a7d14e383f73bccd1b81bcafb5f4f2f56f5e7e05914c660e27668c9ce91b1b9f256ef5358d55ba917  libxml2-2.9.8.tar.gz
-31f6cd6650b05cdd95455fd72927ef6b1f1d23ca4d8d5f776ee83277d670363dfe6bdd2c1330e8f9131212456dece2595b16868fc01f0ab750009b0a007eb513  CVE-2018-9251-CVE-2018-14567.patch
-c273b88d26e475e8a7f73e92ce9a77b1025f3704f11aa129c867e08424d32f1d7d81f4a2991d0cef28db4b8e122c6b356097be24b4651ef1b5a040a466bdcd13  CVE-2018-14404.patch
-939a7acd13014766b218d61256b7ac72279618f8831095f708f4713e080f45ab9d922846479d01f9995b8799bc24c38b5b73548968764d7315b6ffc9d3dc547a  Length-related-XHTML-parsing-errors.patch"
+sha512sums="cb7784ba4e72e942614e12e4f83f4ceb275f3d738b30e3b5c1f25edf8e9fa6789e854685974eed95b362049dbf6c8e7357e0327d64c681ed390534ac154e6810  libxml2-2.9.9.tar.gz"
diff --git a/main/libxml2/CVE-2018-14404.patch b/main/libxml2/CVE-2018-14404.patch
deleted file mode 100644
index aa25662e94..0000000000
--- a/main/libxml2/CVE-2018-14404.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 12:54:38 +0200
-Subject: [PATCH] Fix nullptr deref with XPath logic ops
-
-If the XPath stack is corrupted, for example by a misbehaving extension
-function, the "and" and "or" XPath operators could dereference NULL
-pointers. Check that the XPath stack isn't empty and optimize the
-logic operators slightly.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
-
-Also see
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
-https://bugzilla.redhat.com/show_bug.cgi?id=1595985
-
-This is CVE-2018-14404.
-
-Thanks to Guy Inbar for the report.
----
- xpath.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/xpath.c b/xpath.c
-index 3fae0bf4..5e3bb9ff 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- 		return(0);
- 	    }
-             xmlXPathBooleanFunction(ctxt, 1);
--            arg1 = valuePop(ctxt);
--            arg1->boolval &= arg2->boolval;
--            valuePush(ctxt, arg1);
-+            if (ctxt->value != NULL)
-+                ctxt->value->boolval &= arg2->boolval;
- 	    xmlXPathReleaseObject(ctxt->context, arg2);
-             return (total);
-         case XPATH_OP_OR:
-@@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- 		return(0);
- 	    }
-             xmlXPathBooleanFunction(ctxt, 1);
--            arg1 = valuePop(ctxt);
--            arg1->boolval |= arg2->boolval;
--            valuePush(ctxt, arg1);
-+            if (ctxt->value != NULL)
-+                ctxt->value->boolval |= arg2->boolval;
- 	    xmlXPathReleaseObject(ctxt->context, arg2);
-             return (total);
-         case XPATH_OP_EQUAL:
--- 
-2.18.1
-
diff --git a/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch b/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
deleted file mode 100644
index 46c0c0e808..0000000000
--- a/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 13:14:11 +0200
-Subject: [PATCH] Fix infinite loop in LZMA decompression
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Check the liblzma error code more thoroughly to avoid infinite loops.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
-Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
-
-This is CVE-2018-9251 and CVE-2018-14567.
-
-Thanks to Dongliang Mu and Simon Wörner for the reports.
----
- xzlib.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index a839169e..0ba88cfa 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
-                          "internal error: inflate stream corrupt");
-                 return -1;
-             }
-+            /*
-+             * FIXME: Remapping a couple of error codes and falling through
-+             * to the LZMA error handling looks fragile.
-+             */
-             if (ret == Z_MEM_ERROR)
-                 ret = LZMA_MEM_ERROR;
-             if (ret == Z_DATA_ERROR)
-@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
-             xz_error(state, LZMA_PROG_ERROR, "compression error");
-             return -1;
-         }
-+        if ((state->how != GZIP) &&
-+            (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
-+            xz_error(state, ret, "lzma error");
-+            return -1;
-+        }
-     } while (strm->avail_out && ret != LZMA_STREAM_END);
- 
-     /* update available output and crc check value */
--- 
-2.18.1
-
diff --git a/main/libxml2/Length-related-XHTML-parsing-errors.patch b/main/libxml2/Length-related-XHTML-parsing-errors.patch
deleted file mode 100644
index 7a4363198e..0000000000
--- a/main/libxml2/Length-related-XHTML-parsing-errors.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 7a1bd7f6497ac33a9023d556f6f47a48f01deac0 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sat, 17 Mar 2018 00:03:24 +0100
-Subject: [PATCH] Revert "Change calls to xmlCharEncInput to set flush false"
-
-This reverts commit 6e6ae5daa6cd9640c9a83c1070896273e9b30d14 which
-broke decoding of larger documents with ICU.
-
-See https://bugs.chromium.org/p/chromium/issues/detail?id=820163
----
- HTMLparser.c      | 2 +-
- parserInternals.c | 2 +-
- xmlIO.c           | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/HTMLparser.c b/HTMLparser.c
-index 9adeb174..7e243e60 100644
---- a/HTMLparser.c
-+++ b/HTMLparser.c
-@@ -3635,7 +3635,7 @@ htmlCheckEncodingDirect(htmlParserCtxtPtr ctxt, const xmlChar *encoding) {
- 	     */
- 	    processed = ctxt->input->cur - ctxt->input->base;
- 	    xmlBufShrink(ctxt->input->buf->buffer, processed);
--	    nbchars = xmlCharEncInput(ctxt->input->buf, 0);
-+	    nbchars = xmlCharEncInput(ctxt->input->buf, 1);
- 	    if (nbchars < 0) {
- 		htmlParseErr(ctxt, XML_ERR_INVALID_ENCODING,
- 		             "htmlCheckEncoding: encoder error\n",
-diff --git a/parserInternals.c b/parserInternals.c
-index 8c0cd57a..09876ab4 100644
---- a/parserInternals.c
-+++ b/parserInternals.c
-@@ -1214,7 +1214,7 @@ xmlSwitchInputEncodingInt(xmlParserCtxtPtr ctxt, xmlParserInputPtr input,
-                 /*
-                  * convert as much as possible of the buffer
-                  */
--                nbchars = xmlCharEncInput(input->buf, 0);
-+                nbchars = xmlCharEncInput(input->buf, 1);
-             } else {
-                 /*
-                  * convert just enough to get
-diff --git a/xmlIO.c b/xmlIO.c
-index 82543477..f61dd05a 100644
---- a/xmlIO.c
-+++ b/xmlIO.c
-@@ -3157,7 +3157,7 @@ xmlParserInputBufferPush(xmlParserInputBufferPtr in,
- 	 * convert as much as possible to the parser reading buffer.
- 	 */
- 	use = xmlBufUse(in->raw);
--	nbchars = xmlCharEncInput(in, 0);
-+	nbchars = xmlCharEncInput(in, 1);
- 	if (nbchars < 0) {
- 	    xmlIOErr(XML_IO_ENCODER, NULL);
- 	    in->error = XML_IO_ENCODER;
-@@ -3273,7 +3273,7 @@ xmlParserInputBufferGrow(xmlParserInputBufferPtr in, int len) {
- 	 * convert as much as possible to the parser reading buffer.
- 	 */
- 	use = xmlBufUse(in->raw);
--	nbchars = xmlCharEncInput(in, 0);
-+	nbchars = xmlCharEncInput(in, 1);
- 	if (nbchars < 0) {
- 	    xmlIOErr(XML_IO_ENCODER, NULL);
- 	    in->error = XML_IO_ENCODER;
\ No newline at end of file
diff --git a/main/libxml2/fix-utf8-error-message.patch b/main/libxml2/fix-utf8-error-message.patch
deleted file mode 100644
index e87dcdedf8..0000000000
--- a/main/libxml2/fix-utf8-error-message.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Index: libxml2-2.9.5/python/libxml.c
-===================================================================
---- libxml2-2.9.5.orig/python/libxml.c
-+++ libxml2-2.9.5/python/libxml.c
-@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
-     PyObject *message;
-     PyObject *result;
-     char str[1000];
-+    unsigned char *ptr = (unsigned char *)str;
- 
- #ifdef DEBUG_ERROR
-     printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
-@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
- 	    str[999] = 0;
-         va_end(ap);
- 
-+#if PY_MAJOR_VERSION >= 3
-+        /* Ensure the error string doesn't start at UTF8 continuation. */
-+        while (*ptr && (*ptr & 0xc0) == 0x80)
-+            ptr++;
-+#endif
-+
-         list = PyTuple_New(2);
-         PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
-         Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
--        message = libxml_charPtrConstWrap(str);
-+        message = libxml_charPtrConstWrap(ptr);
-         PyTuple_SetItem(list, 1, message);
-         result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
-+        /* Forget any errors caused in the error handler. */
-+        PyErr_Clear();
-         Py_XDECREF(list);
-         Py_XDECREF(result);
-     }