From: Ralph Siemsen <ralph.siem...@linaro.org>
- new version includes fix for CVE-2022-23308
- drop patche which was upstream
- refresh patch
Signed-off-by: Ralph Siemsen <ralph.siem...@linaro.org>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
(cherry picked from commit d687f1ac2017a1cc94ac4733cd46755d5aabd120)
Signed-off-by: Anuj Mittal <anuj.mit...@intel.com>
---
.../0002-Work-around-lxml-API-abuse.patch | 213 ------------------
.../libxml2/libxml-m4-use-pkgconfig.patch | 16 +-
.../{libxml2_2.9.12.bb => libxml2_2.9.13.bb} | 5 +-
3 files changed, 8 insertions(+), 226 deletions(-)
delete mode 100644
meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
rename meta/recipes-core/libxml/{libxml2_2.9.12.bb => libxml2_2.9.13.bb} (96%)
diff --git
a/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
b/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
deleted file mode 100644
index f09ce9707a..0000000000
--- a/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-From 85b1792e37b131e7a51af98a37f92472e8de5f3f Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnho...@aevum.de>
-Date: Tue, 18 May 2021 20:08:28 +0200
-Subject: [PATCH] Work around lxml API abuse
-
-Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted
-parent pointers. This used to work with the old recursive code but the
-non-recursive rewrite required parent pointers to be set correctly.
-
-Unfortunately, lxml relies on the old behavior and passes subtrees with
-a corrupted structure. Fall back to a recursive function call if an
-invalid parent pointer is detected.
-
-Fixes #255.
-
-Upstream-Status: Backport [85b1792e37b131e7a51af98a37f92472e8de5f3f]
----
- HTMLtree.c | 46 ++++++++++++++++++++++++++++------------------
- xmlsave.c | 31 +++++++++++++++++++++----------
- 2 files changed, 49 insertions(+), 28 deletions(-)
-
-diff --git a/HTMLtree.c b/HTMLtree.c
-index 24434d45..bdd639c7 100644
---- a/HTMLtree.c
-+++ b/HTMLtree.c
-@@ -744,7 +744,7 @@ void
- htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED,
- int format) {
-- xmlNodePtr root;
-+ xmlNodePtr root, parent;
- xmlAttrPtr attr;
- const htmlElemDesc * info;
-
-@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr
doc,
- }
-
- root = cur;
-+ parent = cur->parent;
- while (1) {
- switch (cur->type) {
- case XML_HTML_DOCUMENT_NODE:
-@@ -762,13 +763,25 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf,
xmlDocPtr doc,
- if (((xmlDocPtr) cur)->intSubset != NULL) {
- htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL);
- }
-- if (cur->children != NULL) {
-+ /* Always validate cur->parent when descending. */
-+ if ((cur->parent == parent) && (cur->children != NULL)) {
-+ parent = cur;
- cur = cur->children;
- continue;
- }
- break;
-
- case XML_ELEMENT_NODE:
-+ /*
-+ * Some users like lxml are known to pass nodes with a corrupted
-+ * tree structure. Fall back to a recursive call to handle this
-+ * case.
-+ */
-+ if ((cur->parent != parent) && (cur->children != NULL)) {
-+ htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format);
-+ break;
-+ }
-+
- /*
- * Get specific HTML info for that node.
- */
-@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr
doc,
- (cur->name != NULL) &&
- (cur->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr
doc,
- (info != NULL) && (!info->isinline)) {
- if ((cur->next->type != HTML_TEXT_NODE) &&
- (cur->next->type != HTML_ENTITY_REF_NODE) &&
-- (cur->parent != NULL) &&
-- (cur->parent->name != NULL) &&
-- (cur->parent->name[0] != 'p')) /* p, pre, param */
-+ (parent != NULL) &&
-+ (parent->name != NULL) &&
-+ (parent->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
- }
-
-@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr
doc,
- break;
- if (((cur->name == (const xmlChar *)xmlStringText) ||
- (cur->name != (const xmlChar *)xmlStringTextNoenc)) &&
-- ((cur->parent == NULL) ||
-- ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) &&
-- (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) {
-+ ((parent == NULL) ||
-+ ((xmlStrcasecmp(parent->name, BAD_CAST "script")) &&
-+ (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) {
- xmlChar *buffer;
-
- buffer = xmlEncodeEntitiesReentrant(doc, cur->content);
-@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf,
xmlDocPtr doc,
- break;
- }
-
-- /*
-- * The parent should never be NULL here but we want to handle
-- * corrupted documents gracefully.
-- */
-- if (cur->parent == NULL)
-- return;
-- cur = cur->parent;
-+ cur = parent;
-+ /* cur->parent was validated when descending. */
-+ parent = cur->parent;
-
- if ((cur->type == XML_HTML_DOCUMENT_NODE) ||
- (cur->type == XML_DOCUMENT_NODE)) {
-@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr
doc,
- (cur->next != NULL)) {
- if ((cur->next->type != HTML_TEXT_NODE) &&
- (cur->next->type != HTML_ENTITY_REF_NODE) &&
-- (cur->parent != NULL) &&
-- (cur->parent->name != NULL) &&
-- (cur->parent->name[0] != 'p')) /* p, pre, param */
-+ (parent != NULL) &&
-+ (parent->name != NULL) &&
-+ (parent->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
- }
- }
-diff --git a/xmlsave.c b/xmlsave.c
-index 61a40459..aedbd5e7 100644
---- a/xmlsave.c
-+++ b/xmlsave.c
-@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr
cur) {
- static void
- xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- int format = ctxt->format;
-- xmlNodePtr tmp, root, unformattedNode = NULL;
-+ xmlNodePtr tmp, root, unformattedNode = NULL, parent;
- xmlAttrPtr attr;
- xmlChar *start, *end;
- xmlOutputBufferPtr buf;
-@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr
cur) {
- buf = ctxt->buf;
-
- root = cur;
-+ parent = cur->parent;
- while (1) {
- switch (cur->type) {
- case XML_DOCUMENT_NODE:
-@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr
cur) {
- break;
-
- case XML_DOCUMENT_FRAG_NODE:
-- if (cur->children != NULL) {
-+ /* Always validate cur->parent when descending. */
-+ if ((cur->parent == parent) && (cur->children != NULL)) {
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr
cur) {
- break;
-
- case XML_ELEMENT_NODE:
-- if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput))
-+ /*
-+ * Some users like lxml are known to pass nodes with a corrupted
-+ * tree structure. Fall back to a recursive call to handle this
-+ * case.
-+ */
-+ if ((cur->parent != parent) && (cur->children != NULL)) {
-+ xmlNodeDumpOutputInternal(ctxt, cur);
-+ break;
-+ }
-+
-+ if ((ctxt->level > 0) && (ctxt->format == 1) &&
-+ (xmlIndentTreeOutput))
- xmlOutputBufferWrite(buf, ctxt->indent_size *
- (ctxt->level > ctxt->indent_nr ?
- ctxt->indent_nr : ctxt->level),
-@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr
cur) {
- xmlOutputBufferWrite(buf, 1, ">");
- if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n");
- if (ctxt->level >= 0) ctxt->level++;
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt,
xmlNodePtr cur) {
- break;
- }
-
-- /*
-- * The parent should never be NULL here but we want to handle
-- * corrupted documents gracefully.
-- */
-- if (cur->parent == NULL)
-- return;
-- cur = cur->parent;
-+ cur = parent;
-+ /* cur->parent was validated when descending. */
-+ parent = cur->parent;
-
- if (cur->type == XML_ELEMENT_NODE) {
- if (ctxt->level > 0) ctxt->level--;
---
-2.32.0
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 90fa193775..6f44275299 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -18,11 +18,11 @@ Signed-off-by: Tony Tascioglu <tony.tascio...@windriver.com>
libxml.m4 | 190 ++----------------------------------------------------
1 file changed, 5 insertions(+), 185 deletions(-)
-diff --git a/libxml.m4 b/libxml.m4
-index 09de9fe2..1c535853 100644
---- a/libxml.m4
-+++ b/libxml.m4
-@@ -1,192 +1,12 @@
+Index: libxml2-2.9.13/libxml.m4
+===================================================================
+--- libxml2-2.9.13.orig/libxml.m4
++++ libxml2-2.9.13/libxml.m4
+@@ -1,191 +1,12 @@
-# Configure paths for LIBXML2
-# Simon Josefsson 2020-02-12
-# Fix autoconf 2.70+ warnings
@@ -147,9 +147,8 @@ index 09de9fe2..1c535853 100644
- {
- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n",
- xml_major_version, xml_minor_version, xml_micro_version);
-- printf("*** You need a version of libxml newer than %d.%d.%d. The
latest version of\n",
+- printf("*** You need a version of libxml newer than %d.%d.%d.\n",
- major, minor, micro);
-- printf("*** libxml is always available from
ftp://ftp.xmlsoft.org.\n";);
- printf("***\n");
- printf("*** If you have already installed a sufficiently new version,
this error\n");
- printf("*** probably means that the wrong copy of the xml2-config
shell script is\n");
@@ -220,6 +219,3 @@ index 09de9fe2..1c535853 100644
- AC_SUBST(XML_LIBS)
- rm -f conf.xmltest
])
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2_2.9.12.bb
b/meta/recipes-core/libxml/libxml2_2.9.13.bb
similarity index 96%
rename from meta/recipes-core/libxml/libxml2_2.9.12.bb
rename to meta/recipes-core/libxml/libxml2_2.9.13.bb
index 3508733cc0..be59aba84b 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.12.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.13.bb
@@ -18,14 +18,13 @@ SRC_URI +=
"http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
file://runtest.patch \
file://run-ptest \
file://python-sitepackages-dir.patch \
- file://libxml-m4-use-pkgconfig.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
file://fix-execution-of-ptests.patch \
file://remove-fuzz-from-ptests.patch \
- file://0002-Work-around-lxml-API-abuse.patch \
+ file://libxml-m4-use-pkgconfig.patch \
"
-SRC_URI[archive.sha256sum] =
"28a92f6ab1f311acf5e478564c49088ef0ac77090d9c719bbc5d518f1fe62eb9"
+SRC_URI[archive.sha256sum] =
"276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"
SRC_URI[testtar.sha256sum] =
"96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
BINCONFIG = "${bindir}/xml2-config"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#164035):
https://lists.openembedded.org/g/openembedded-core/message/164035
Mute This Topic: https://lists.openembedded.org/mt/90267076/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
