projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fc16689)
libxml2: security bump to version 2.9.9
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 28 Jan 2019 20:55:38 +0000 (21:55 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 28 Jan 2019 21:19:06 +0000 (22:19 +0100)
- Fixes CVE-2018-9251 and CVE-2018-14567:
  https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
- Fixes CVE-2018-14404: https://gitlab.gnome.org/GNOME/libxml2/issues/5
- Remove patch: CVE-2017-8872 was fixed by
  https://gitlab.gnome.org/GNOME/libxml2/issues/26

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libxml2/0001-CVE-2017-8872.patch [deleted file] patch | blob | history
package/libxml2/libxml2.hash patch | blob | history
package/libxml2/libxml2.mk patch | blob | history

diff --git a/package/libxml2/0001-CVE-2017-8872.patch b/package/libxml2/0001-CVE-2017-8872.patch
deleted file mode 100644 (file)
index b7a75c1..0000000
--- a/package/libxml2/0001-CVE-2017-8872.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 8b329effb610f4138e4e680f6a6867570f6d6179 Mon Sep 17 00:00:00 2001
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Fri, 9 Feb 2018 10:58:11 +0200
-Subject: [PATCH] CVE-2017-8872
-
-Taken from attachment to upstream bug report comment #9.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200#c9
-https://bugzilla.gnome.org/attachment.cgi?id=366193&action=diff
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 1c5e036ea265..025111067ae8 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12467,6 +12467,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
-       ctxt->input->cur = BAD_CAST"";
-       ctxt->input->base = ctxt->input->cur;
-         ctxt->input->end = ctxt->input->cur;
-+    if (ctxt->input->buf)
-+        xmlBufEmpty (ctxt->input->buf->buffer);
-+    else
-+        ctxt->input->length = 0;
-     }
- }
--- 
-2.15.1
-
diff --git a/package/libxml2/libxml2.hash b/package/libxml2/libxml2.hash
index d114d980603f484ba099fc7dd7da2848242492db..ce8f5ef7f2b49d3bb9f6d92b41928e5f93f876f3 100644 (file)
--- a/package/libxml2/libxml2.hash
+++ b/package/libxml2/libxml2.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256 0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732        libxml2-2.9.8.tar.gz
+sha256 94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871        libxml2-2.9.9.tar.gz
 # License files, locally calculated
 sha256 c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd        COPYING
diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk
index 06a802eb10470b87c371707ca12f6fd153adcda0..3b3714fff1c2cfdbbc98af447e160d8455bd3218 100644 (file)
--- a/package/libxml2/libxml2.mk
+++ b/package/libxml2/libxml2.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBXML2_VERSION = 2.9.8
+LIBXML2_VERSION = 2.9.9
 LIBXML2_SITE = ftp://xmlsoft.org/libxml2
 LIBXML2_INSTALL_STAGING = YES
 LIBXML2_LICENSE = MIT