libxml2: security bump to version 2.9.4

Fixes a bunch of security issues including:

  CVE-2016-1762: Heap-based buffer overread in xmlNextChar

  CVE-2016-1834: heap-buffer-overflow in xmlStrncat

  CVE-2016-3705: Missing increments of recursion depth counter to XML parser

A few more security fixes are listed in the release announcement at
https://mail.gnome.org/archives/xml/2016-May/msg00023.html.

Also fixes:
http://autobuild.buildroot.net/results/6db/6db405a097b192876c0b1b8d59051d614563c617/
http://autobuild.buildroot.net/results/62a/62addf4abd2a0df8222a81a83c16b2b9a61c9481/
http://autobuild.buildroot.net/results/204/20402690ad05d10d456a219da5252a38badf1da0/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/libxml2/libxml2.hash b/package/libxml2/libxml2.hash
index 00fbf4372bdc1ed5896441de760d0a3a4c74e1eb..098121e11741ae939de4c623496b60b0b779d00e 100644 (file)
--- a/package/libxml2/libxml2.hash
+++ b/package/libxml2/libxml2.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 4de9e31f46b44d34871c22f54bfc54398ef124d6f7cafb1f4a5958fbcd3ba12d        libxml2-2.9.3.tar.gz
+sha256 ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c        libxml2-2.9.4.tar.gz

diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk
index ee9b2ca44e306b0c5d4c1c3ac8d4309002e3428a..ed6f9af49b3603c8878932fc84f07f2780ccdc3a 100644 (file)
--- a/package/libxml2/libxml2.mk
+++ b/package/libxml2/libxml2.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBXML2_VERSION = 2.9.3
+LIBXML2_VERSION = 2.9.4
 LIBXML2_SITE = ftp://xmlsoft.org/libxml2
 LIBXML2_INSTALL_STAGING = YES
 LIBXML2_LICENSE = MIT