Yocto 2.3
Move OpenBMC to Yocto 2.3(pyro).
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I50744030e771f4850afc2a93a10d3507e76d36bc
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Resolves: openbmc/openbmc#2461
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
new file mode 100644
index 0000000..d1ad551
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
@@ -0,0 +1,99 @@
+From 78dbd4c09d617a9cb730d796f94ee4d93840d3cc Mon Sep 17 00:00:00 2001
+From: Peter Kjellerstedt <pkj@axis.com>
+Date: Fri, 9 Jun 2017 17:50:46 +0200
+Subject: [PATCH] Make ptest run the python tests if python is enabled
+
+One of the tests (tstLastError.py) needed a minor correction. It might
+be due to the fact that the tests are forced to run with Python 3.
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
+---
+ Makefile.am | 2 +-
+ python/Makefile.am | 9 +++++++++
+ python/tests/Makefile.am | 12 ++++++++++--
+ python/tests/tstLastError.py | 2 +-
+ 4 files changed, 21 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index e181ee0..7960e7d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -207,9 +207,9 @@ install-ptest:
+ install $(noinst_PROGRAMS) $(DESTDIR))
+ cp -r $(srcdir)/test $(DESTDIR)
+ cp -r $(srcdir)/result $(DESTDIR)
+- cp -r $(srcdir)/python $(DESTDIR)
+ cp Makefile $(DESTDIR)
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
++ $(MAKE) -C python install-ptest
+
+ runtests:
+ [ -d test ] || $(LN_S) $(srcdir)/test .
+diff --git a/python/Makefile.am b/python/Makefile.am
+index 34aed96..ba3ec6a 100644
+--- a/python/Makefile.am
++++ b/python/Makefile.am
+@@ -48,7 +48,16 @@ GENERATED = libxml2class.py libxml2class.txt $(BUILT_SOURCES)
+
+ $(GENERATED): $(srcdir)/generator.py $(API_DESC)
+ $(PYTHON) $(srcdir)/generator.py $(srcdir)
++
++install-ptest:
++ cp -r $(srcdir) $(DESTDIR)
++ sed -e 's|^Makefile:|_Makefile:|' \
++ -e 's|^\(tests test:\) all|\1|' Makefile >$(DESTDIR)/python/Makefile
++ $(MAKE) -C tests install-ptest
++else
++install-ptest:
+ endif
+
++.PHONY: tests test
+ tests test: all
+ cd tests && $(MAKE) tests
+diff --git a/python/tests/Makefile.am b/python/tests/Makefile.am
+index 95ebead..418e21e 100644
+--- a/python/tests/Makefile.am
++++ b/python/tests/Makefile.am
+@@ -59,6 +59,11 @@ XMLS= \
+ CLEANFILES = core tmp.xml *.pyc
+
+ if WITH_PYTHON
++install-ptest:
++ cp -r $(srcdir) $(DESTDIR)/python
++ sed -e 's|^Makefile:|_Makefile:|' \
++ -e 's|^\(srcdir = \).*|\1.|' Makefile >$(DESTDIR)/python/tests/Makefile
++
+ tests: $(PYTESTS)
+ @for f in $(XMLS) ; do test -f $$f || $(LN_S) $(srcdir)/$$f . ; done
+ @echo "## running Python regression tests"
+@@ -68,8 +73,11 @@ tests: $(PYTESTS)
+ export LD_LIBRARY_PATH; \
+ for test in $(PYTESTS) ; \
+ do log=`$(PYTHON) $(srcdir)/$$test` ; \
+- if [ "`echo $$log | grep OK`" = "" ] ; then \
+- echo "-- $$test" ; echo "$$log" ; fi ; done)
++ if [ "`echo $$log | grep OK`" ]; then \
++ echo "PASS: $$test"; else \
++ echo "$$log"; echo "FAIL: $$test"; fi; done)
+ else
++install-ptest:
++
+ tests:
+ endif
+diff --git a/python/tests/tstLastError.py b/python/tests/tstLastError.py
+index d5f9be7..3e5bef8 100755
+--- a/python/tests/tstLastError.py
++++ b/python/tests/tstLastError.py
+@@ -25,7 +25,7 @@ class TestCase(unittest.TestCase):
+ when the exception is raised, check the libxml2.lastError for
+ expected values."""
+ # disable the default error handler
+- libxml2.registerErrorHandler(None,None)
++ libxml2.registerErrorHandler(lambda ctx,str: None,None)
+ try:
+ f(*args)
+ except exc:
+--
+2.12.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
deleted file mode 100644
index 3581ab8..0000000
--- a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
-From: Doran Moppert <dmoppert@redhat.com>
-Date: Fri, 7 Apr 2017 16:45:56 +0200
-Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
- even local
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=772726
-
-* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
-* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
-* include/libxml/xmlerror.h: new error raised
-* xmllint.c: adds --noxxe flag to activate the option
-
-Upstream-Status: Backport
-CVE: CVE-2016-9318
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- elfgcchack.h | 10 ++++++++++
- include/libxml/parser.h | 3 ++-
- include/libxml/xmlIO.h | 8 ++++++++
- include/libxml/xmlerror.h | 1 +
- parser.c | 4 ++++
- xmlIO.c | 40 +++++++++++++++++++++++++++++++++++-----
- xmllint.c | 5 +++++
- 7 files changed, 65 insertions(+), 6 deletions(-)
-
-diff --git a/elfgcchack.h b/elfgcchack.h
-index 8c52884..1b81dcd 100644
---- a/elfgcchack.h
-+++ b/elfgcchack.h
-@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
- #endif
- #endif
-
-+#ifdef bottom_xmlIO
-+#undef xmlNoXxeExternalEntityLoader
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
-+#else
-+#ifndef xmlNoXxeExternalEntityLoader
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
-+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
-+#endif
-+#endif
-+
- #ifdef bottom_tree
- #undef xmlNodeAddContent
- extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
-diff --git a/include/libxml/parser.h b/include/libxml/parser.h
-index 47fbec0..63ca1b9 100644
---- a/include/libxml/parser.h
-+++ b/include/libxml/parser.h
-@@ -1111,7 +1111,8 @@ typedef enum {
- XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
- XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
- XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
-- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
-+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
-+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */
- } xmlParserOption;
-
- XMLPUBFUN void XMLCALL
-diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
-index 3e41744..8d3fdef 100644
---- a/include/libxml/xmlIO.h
-+++ b/include/libxml/xmlIO.h
-@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
- xmlParserCtxtPtr ctxt);
-
- /*
-+ * A predefined entity loader external entity expansion
-+ */
-+XMLPUBFUN xmlParserInputPtr XMLCALL
-+ xmlNoXxeExternalEntityLoader (const char *URL,
-+ const char *ID,
-+ xmlParserCtxtPtr ctxt);
-+
-+/*
- * xmlNormalizeWindowsPath is obsolete, don't use it.
- * Check xmlCanonicPath in uri.h for a better alternative.
- */
-diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
-index 037c16d..3036062 100644
---- a/include/libxml/xmlerror.h
-+++ b/include/libxml/xmlerror.h
-@@ -470,6 +470,7 @@ typedef enum {
- XML_IO_EADDRINUSE, /* 1554 */
- XML_IO_EALREADY, /* 1555 */
- XML_IO_EAFNOSUPPORT, /* 1556 */
-+ XML_IO_ILLEGAL_XXE, /* 1557 */
- XML_XINCLUDE_RECURSION=1600,
- XML_XINCLUDE_PARSE_VALUE, /* 1601 */
- XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
-diff --git a/parser.c b/parser.c
-index 53a6b7f..609a270 100644
---- a/parser.c
-+++ b/parser.c
-@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
- ctxt->options |= XML_PARSE_NONET;
- options -= XML_PARSE_NONET;
- }
-+ if (options & XML_PARSE_NOXXE) {
-+ ctxt->options |= XML_PARSE_NOXXE;
-+ options -= XML_PARSE_NOXXE;
-+ }
- if (options & XML_PARSE_COMPACT) {
- ctxt->options |= XML_PARSE_COMPACT;
- options -= XML_PARSE_COMPACT;
-diff --git a/xmlIO.c b/xmlIO.c
-index 1a79c09..304f822 100644
---- a/xmlIO.c
-+++ b/xmlIO.c
-@@ -210,6 +210,7 @@ static const char *IOerr[] = {
- "adddress in use", /* EADDRINUSE */
- "already in use", /* EALREADY */
- "unknown address familly", /* EAFNOSUPPORT */
-+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
- };
-
- #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
-@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
- xmlGenericError(xmlGenericErrorContext,
- "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
- #endif
-- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
-+ if (ctxt != NULL) {
- int options = ctxt->options;
-
-- ctxt->options -= XML_PARSE_NONET;
-- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
-- ctxt->options = options;
-- return(ret);
-+ if (options & XML_PARSE_NOXXE) {
-+ ctxt->options -= XML_PARSE_NOXXE;
-+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
-+ ctxt->options = options;
-+ return(ret);
-+ }
-+
-+ if (options & XML_PARSE_NONET) {
-+ ctxt->options -= XML_PARSE_NONET;
-+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
-+ ctxt->options = options;
-+ return(ret);
-+ }
- }
- #ifdef LIBXML_CATALOG_ENABLED
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
-@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
- xmlParserInputPtr input = NULL;
- xmlChar *resource = NULL;
-
-+ if (ctxt == NULL) {
-+ return(NULL);
-+ }
-+ if (ctxt->input_id == 1) {
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
-+ }
-+
- #ifdef LIBXML_CATALOG_ENABLED
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
- #endif
-@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
- return(input);
- }
-
-+xmlParserInputPtr
-+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
-+ xmlParserCtxtPtr ctxt) {
-+ if (ctxt == NULL) {
-+ return(NULL);
-+ }
-+ if (ctxt->input_id == 1) {
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
-+ }
-+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
-+ return(NULL);
-+}
-+
- #define bottom_xmlIO
- #include "elfgcchack.h"
-diff --git a/xmllint.c b/xmllint.c
-index 67f7adb..d9368c1 100644
---- a/xmllint.c
-+++ b/xmllint.c
-@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
- printf("\t--path 'paths': provide a set of paths for resources\n");
- printf("\t--load-trace : print trace of all external entities loaded\n");
- printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
-+ printf("\t--noxxe : forbid any external entity loading\n");
- printf("\t--nocompact : do not generate compact text nodes\n");
- printf("\t--htmlout : output results as HTML\n");
- printf("\t--nowrap : do not put HTML doc wrapper\n");
-@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
- (!strcmp(argv[i], "--nonet"))) {
- options |= XML_PARSE_NONET;
- xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
-+ } else if ((!strcmp(argv[i], "-noxxe")) ||
-+ (!strcmp(argv[i], "--noxxe"))) {
-+ options |= XML_PARSE_NOXXE;
-+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
- } else if ((!strcmp(argv[i], "-nocompact")) ||
- (!strcmp(argv[i], "--nocompact"))) {
- options &= ~XML_PARSE_COMPACT;
---
-2.10.2
-
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
new file mode 100644
index 0000000..0108265
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
@@ -0,0 +1,40 @@
+libxml2: Fix CVE-2017-0663
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
+
+valid: Fix type confusion in xmlValidateOneNamespace
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
+on namespace declarations make no practical sense anyway.
+
+Fixes bug 780228
+
+Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
+CVE: CVE-2017-0663
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/valid.c b/valid.c
+index 19f84b8..e03d35e 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ }
+ }
+
++ /*
++ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++ * xmlAddID and xmlAddRef for namespace declarations, but it makes
++ * no practical sense to use ID types anyway.
++ */
++#if 0
+ /* Validity Constraint: ID uniqueness */
+ if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+ if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ ret = 0;
+ }
++#endif
+
+ /* Validity Constraint: Notation Attributes */
+ if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
new file mode 100644
index 0000000..571b05c
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
@@ -0,0 +1,62 @@
+libxml2-2.9.4: Fix CVE-2017-5969
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
+
+valid: Fix NULL pointer deref in xmlDumpElementContent
+
+Can only be triggered in recovery mode.
+
+Fixes bug 758422
+
+Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
+CVE: CVE-2017-5969
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/valid.c b/valid.c
+index 19f84b8..0a8e58a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
+ xmlBufferWriteCHAR(buf, content->name);
+ break;
+ case XML_ELEMENT_CONTENT_SEQ:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " , ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
+ break;
+ case XML_ELEMENT_CONTENT_OR:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " | ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
new file mode 100644
index 0000000..26779aa
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
@@ -0,0 +1,37 @@
+From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 23 Aug 2017 16:04:49 +0800
+Subject: [PATCH] fix CVE-2017-8872
+
+this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
+il too here.
+
+this seems to cure this specific issue, and also passes the testsuite
+
+Signed-off-by: Marcus Meissner <meissner@suse.de>
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 9506ead..6c07ffd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ }
+ ctxt->input->cur = BAD_CAST"";
+ ctxt->input->base = ctxt->input->cur;
++ if (ctxt->input->buf) {
++ xmlBufEmpty (ctxt->input->buf->buffer);
++ } else
++ ctxt->input->length = 0;
+ }
+ }
+
+--
+2.7.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
new file mode 100644
index 0000000..8b03456
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
@@ -0,0 +1,103 @@
+libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
+ -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
+
+valid: Fix buffer size checks in xmlSnprintfElementContent
+
+xmlSnprintfElementContent failed to correctly check the available
+buffer space in two locations.
+
+Fixes bug 781333 and bug 781701
+
+Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
+CVE: CVE-2017-9047 CVE-2017-9048
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/result/valid/781333.xml b/result/valid/781333.xml
+new file mode 100644
+index 0000000..01baf11
+--- /dev/null
++++ b/result/valid/781333.xml
+@@ -0,0 +1,5 @@
++<?xml version="1.0"?>
++<!DOCTYPE a [
++<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
+new file mode 100644
+index 0000000..2176200
+--- /dev/null
++++ b/result/valid/781333.xml.err
+@@ -0,0 +1,3 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
++<a/>
++ ^
+diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
+new file mode 100644
+index 0000000..1195a04
+--- /dev/null
++++ b/result/valid/781333.xml.err.rdr
+@@ -0,0 +1,6 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
++<a/>
++ ^
++./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
++
++^
+diff --git a/test/valid/781333.xml b/test/valid/781333.xml
+new file mode 100644
+index 0000000..bceac9c
+--- /dev/null
++++ b/test/valid/781333.xml
+@@ -0,0 +1,4 @@
++<!DOCTYPE a [
++ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/valid.c b/valid.c
+index 19f84b8..aaa30f6 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+ case XML_ELEMENT_CONTENT_PCDATA:
+ strcat(buf, "#PCDATA");
+ break;
+- case XML_ELEMENT_CONTENT_ELEMENT:
++ case XML_ELEMENT_CONTENT_ELEMENT: {
++ int qnameLen = xmlStrlen(content->name);
++
++ if (content->prefix != NULL)
++ qnameLen += xmlStrlen(content->prefix) + 1;
++ if (size - len < qnameLen + 10) {
++ strcat(buf, " ...");
++ return;
++ }
+ if (content->prefix != NULL) {
+- if (size - len < xmlStrlen(content->prefix) + 10) {
+- strcat(buf, " ...");
+- return;
+- }
+ strcat(buf, (char *) content->prefix);
+ strcat(buf, ":");
+ }
+- if (size - len < xmlStrlen(content->name) + 10) {
+- strcat(buf, " ...");
+- return;
+- }
+ if (content->name != NULL)
+ strcat(buf, (char *) content->name);
+ break;
++ }
+ case XML_ELEMENT_CONTENT_SEQ:
+ if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
+@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+ xmlSnprintfElementContent(buf, size, content->c2, 0);
+ break;
+ }
++ if (size - strlen(buf) <= 2) return;
+ if (englob)
+ strcat(buf, ")");
+ switch (content->ocur) {
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
new file mode 100644
index 0000000..591075d
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
@@ -0,0 +1,291 @@
+libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
+ -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
+
+parser: Fix handling of parameter-entity references
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+Percent sign in DTD Names
+=========================
+
+The NEXTL macro used to call xmlParserHandlePEReference. When parsing
+"complex" names inside the DTD, this could result in entity expansion
+which created a new input buffer. The fix is to simply remove the call
+to xmlParserHandlePEReference from the NEXTL macro. This is safe because
+no users of the macro require expansion of parameter entities.
+
+- xmlParseNameComplex
+- xmlParseNCNameComplex
+- xmlParseNmtoken
+
+The percent sign is not allowed in names, which are grammatical tokens.
+
+- xmlParseEntityValue
+
+Parameter-entity references in entity values are expanded but this
+happens in a separate step in this function.
+
+- xmlParseSystemLiteral
+
+Parameter-entity references are ignored in the system literal.
+
+- xmlParseAttValueComplex
+- xmlParseCharDataComplex
+- xmlParseCommentComplex
+- xmlParsePI
+- xmlParseCDSect
+
+Parameter-entity references are ignored outside the DTD.
+
+- xmlLoadEntityContent
+
+This function is only called from xmlStringLenDecodeEntities and
+entities are replaced in a separate step immediately after the function
+call.
+
+This bug could also be triggered with an internal subset and double
+entity expansion.
+
+This fixes bug 766956 initially reported by Wei Lei and independently by
+Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
+involved.
+
+xmlParseNameComplex with XML_PARSE_OLD10
+========================================
+
+When parsing Names inside an expanded parameter entity with the
+XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
+GROW macro if the input buffer was exhausted. At the end of the
+parameter entity's replacement text, this function would then call
+xmlPopInput which invalidated the input buffer.
+
+There should be no need to invoke GROW in this situation because the
+buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
+at least for UTF-8, in xmlCurrentChar. This also matches the code path
+executed when XML_PARSE_OLD10 is not set.
+
+This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
+Thanks to Marcel Böhme and Thuan Pham for the report.
+
+Additional hardening
+====================
+
+A separate check was added in xmlParseNameComplex to validate the
+buffer size.
+
+Fixes bug 781205 and bug 781361
+
+Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
+CVE: CVE-2017-9049 CVE-2017-9050
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/Makefile.am b/Makefile.am
+index 9f988b0..dab15a4 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
+ if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
+ rm result.$$name error.$$name ; \
+ fi ; fi ; done)
++ @echo "## Error cases regression tests (old 1.0)"
++ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
++ name=`basename $$i`; \
++ if [ ! -d $$i ] ; then \
++ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
++ echo New test file $$name ; \
++ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
++ 2> $(srcdir)/result/errors10/$$name.err \
++ > $(srcdir)/result/errors10/$$name ; \
++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
++ else \
++ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
++ diff $(srcdir)/result/errors10/$$name result.$$name ; \
++ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
++ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
++ rm result.$$name error.$$name ; \
++ fi ; fi ; done)
+ @echo "## Error cases stream regression tests"
+ -@(for i in $(srcdir)/test/errors/*.xml ; do \
+ name=`basename $$i`; \
+diff --git a/parser.c b/parser.c
+index 609a270..8e11c12 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
+ ctxt->input->line++; ctxt->input->col = 1; \
+ } else ctxt->input->col++; \
+ ctxt->input->cur += l; \
+- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
+ } while (0)
+
+ #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
+@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+- if (c == 0) {
+- count = 0;
+- GROW;
+- if (ctxt->instate == XML_PARSER_EOF)
+- return(NULL);
+- c = CUR_CHAR(l);
+- }
+ }
+ }
+ if ((len > XML_MAX_NAME_LENGTH) &&
+@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
++ if (ctxt->input->cur - ctxt->input->base < len) {
++ /*
++ * There were a couple of bugs where PERefs lead to to a change
++ * of the buffer. Check the buffer size to avoid passing an invalid
++ * pointer to xmlDictLookup.
++ */
++ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
++ "unexpected change of input buffer");
++ return (NULL);
++ }
+ if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
+ return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
+ return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
+diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
+new file mode 100644
+index 0000000..e69de29
+diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
+new file mode 100644
+index 0000000..da15c3f
+--- /dev/null
++++ b/result/errors10/781205.xml.err
+@@ -0,0 +1,21 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %a;
++ ^
++Entity: line 1:
++<:0000
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %a;
++ ^
++Entity: line 1:
++<:0000
++^
++namespace error : Failed to parse QName ':0000'
++ %a;
++ ^
++<:0000
++ ^
++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
++
++^
+diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
+new file mode 100644
+index 0000000..e69de29
+diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
+new file mode 100644
+index 0000000..655f41a
+--- /dev/null
++++ b/result/errors10/781361.xml.err
+@@ -0,0 +1,13 @@
++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
++
++^
++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++
++^
++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
++
++^
++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
++
++^
+diff --git a/result/valid/766956.xml b/result/valid/766956.xml
+new file mode 100644
+index 0000000..e69de29
+diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
+new file mode 100644
+index 0000000..34b1dae
+--- /dev/null
++++ b/result/valid/766956.xml.err
+@@ -0,0 +1,9 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++ ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent;
++ ^
++Entity: line 1:
++value
++^
+diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
+new file mode 100644
+index 0000000..7760346
+--- /dev/null
++++ b/result/valid/766956.xml.err.rdr
+@@ -0,0 +1,10 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++ ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent;
++ ^
++Entity: line 1:
++value
++^
++./test/valid/766956.xml : failed to parse
+diff --git a/runtest.c b/runtest.c
+index bb74d2a..63e8c20 100644
+--- a/runtest.c
++++ b/runtest.c
+@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
+ { "Error cases regression tests",
+ errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
+ 0 },
++ { "Error cases regression tests (old 1.0)",
++ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
++ XML_PARSE_OLD10 },
+ #ifdef LIBXML_READER_ENABLED
+ { "Error cases stream regression tests",
+ streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
+diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
+new file mode 100644
+index 0000000..d9e9e83
+--- /dev/null
++++ b/test/errors10/781205.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE D [
++ <!ENTITY % a "<:0000">
++ %a;
+diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
+new file mode 100644
+index 0000000..67476bc
+--- /dev/null
++++ b/test/errors10/781361.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE doc [
++ <!ENTITY % elem "<!ELEMENT e0000000000">
++ %elem;
+diff --git a/test/valid/766956.xml b/test/valid/766956.xml
+new file mode 100644
+index 0000000..19a95a0
+--- /dev/null
++++ b/test/valid/766956.xml
+@@ -0,0 +1,2 @@
++<!DOCTYPE test SYSTEM "dtds/766956.dtd">
++<test/>
+diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
+new file mode 100644
+index 0000000..dddde68
+--- /dev/null
++++ b/test/valid/dtds/766956.dtd
+@@ -0,0 +1,2 @@
++<!ENTITY % ent "value">
++%ä%ent;
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
new file mode 100644
index 0000000..faa5770
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
@@ -0,0 +1,590 @@
+libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
+
+[No upstream tracking]
+
+parser: Avoid reparsing in xmlParseStartTag2
+
+The code in xmlParseStartTag2 must handle the case that the input
+buffer was grown and reallocated which can invalidate pointers to
+attribute values. Before, this was handled by detecting changes of
+the input buffer "base" pointer and, in case of a change, jumping
+back to the beginning of the function and reparsing the start tag.
+
+The major problem of this approach is that whether an input buffer is
+reallocated is nondeterministic, resulting in seemingly random test
+failures. See the mailing list thread "runtest mystery bug: name2.xml
+error case regression test" from 2012, for example.
+
+If a reallocation was detected, the code also made no attempts to
+continue parsing in case of errors which makes a difference in
+the lax "recover" mode.
+
+Now we store the current input buffer "base" pointer for each (not
+separately allocated) attribute in the namespace URI field, which isn't
+used until later. After the whole start tag was parsed, the pointers to
+the attribute values are reconstructed using the offset between the
+new and the old input buffer. This relies on arithmetic on dangling
+pointers which is technically undefined behavior. But it seems like
+the easiest and most efficient fix and a similar approach is used in
+xmlParserInputGrow.
+
+This changes the error output of several tests, typically making it
+more verbose because we try harder to continue parsing in case of errors.
+
+(Another possible solution is to check not only the "base" pointer
+but the size of the input buffer as well. But this would result in
+even more reparsing.)
+
+Remove some goto labels and deduplicate a bit of code after handling
+namespaces.
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+
+Upstream-Status: Backport
+ - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
+ - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/parser.c b/parser.c
+index 609a270..74016e3 100644
+--- a/parser.c
++++ b/parser.c
+@@ -43,6 +43,7 @@
+ #include <limits.h>
+ #include <string.h>
+ #include <stdarg.h>
++#include <stddef.h>
+ #include <libxml/xmlmemory.h>
+ #include <libxml/threads.h>
+ #include <libxml/globals.h>
+@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
+ const xmlChar **atts = ctxt->atts;
+ int maxatts = ctxt->maxatts;
+ int nratts, nbatts, nbdef;
+- int i, j, nbNs, attval, oldline, oldcol, inputNr;
+- const xmlChar *base;
++ int i, j, nbNs, attval;
+ unsigned long cur;
+ int nsNr = ctxt->nsNr;
+
+@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
+ * The Shrinking is only possible once the full set of attribute
+ * callbacks have been done.
+ */
+-reparse:
+ SHRINK;
+- base = ctxt->input->base;
+ cur = ctxt->input->cur - ctxt->input->base;
+- inputNr = ctxt->inputNr;
+- oldline = ctxt->input->line;
+- oldcol = ctxt->input->col;
+ nbatts = 0;
+ nratts = 0;
+ nbdef = 0;
+@@ -9422,8 +9417,6 @@ reparse:
+ */
+ SKIP_BLANKS;
+ GROW;
+- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+- goto base_changed;
+
+ while (((RAW != '>') &&
+ ((RAW != '/') || (NXT(1) != '>')) &&
+@@ -9434,203 +9427,174 @@ reparse:
+
+ attname = xmlParseAttribute2(ctxt, prefix, localname,
+ &aprefix, &attvalue, &len, &alloc);
+- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
+- if ((attvalue != NULL) && (alloc != 0))
+- xmlFree(attvalue);
+- attvalue = NULL;
+- goto base_changed;
+- }
+- if ((attname != NULL) && (attvalue != NULL)) {
+- if (len < 0) len = xmlStrlen(attvalue);
+- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
+- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
+- xmlURIPtr uri;
+-
+- if (URL == NULL) {
+- xmlErrMemory(ctxt, "dictionary allocation failure");
+- if ((attvalue != NULL) && (alloc != 0))
+- xmlFree(attvalue);
+- return(NULL);
+- }
+- if (*URL != 0) {
+- uri = xmlParseURI((const char *) URL);
+- if (uri == NULL) {
+- xmlNsErr(ctxt, XML_WAR_NS_URI,
+- "xmlns: '%s' is not a valid URI\n",
+- URL, NULL, NULL);
+- } else {
+- if (uri->scheme == NULL) {
+- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
+- "xmlns: URI %s is not absolute\n",
+- URL, NULL, NULL);
+- }
+- xmlFreeURI(uri);
+- }
+- if (URL == ctxt->str_xml_ns) {
+- if (attname != ctxt->str_xml) {
+- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
+- "xml namespace URI cannot be the default namespace\n",
+- NULL, NULL, NULL);
+- }
+- goto skip_default_ns;
+- }
+- if ((len == 29) &&
+- (xmlStrEqual(URL,
+- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
+- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
+- "reuse of the xmlns namespace name is forbidden\n",
+- NULL, NULL, NULL);
+- goto skip_default_ns;
+- }
+- }
+- /*
+- * check that it's not a defined namespace
+- */
+- for (j = 1;j <= nbNs;j++)
+- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
+- break;
+- if (j <= nbNs)
+- xmlErrAttributeDup(ctxt, NULL, attname);
+- else
+- if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
+-skip_default_ns:
+- if ((attvalue != NULL) && (alloc != 0)) {
+- xmlFree(attvalue);
+- attvalue = NULL;
+- }
+- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
+- break;
+- if (!IS_BLANK_CH(RAW)) {
+- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
+- "attributes construct error\n");
+- break;
+- }
+- SKIP_BLANKS;
+- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+- goto base_changed;
+- continue;
+- }
+- if (aprefix == ctxt->str_xmlns) {
+- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
+- xmlURIPtr uri;
+-
+- if (attname == ctxt->str_xml) {
+- if (URL != ctxt->str_xml_ns) {
+- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
+- "xml namespace prefix mapped to wrong URI\n",
+- NULL, NULL, NULL);
+- }
+- /*
+- * Do not keep a namespace definition node
+- */
+- goto skip_ns;
+- }
++ if ((attname == NULL) || (attvalue == NULL))
++ goto next_attr;
++ if (len < 0) len = xmlStrlen(attvalue);
++
++ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
++ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
++ xmlURIPtr uri;
++
++ if (URL == NULL) {
++ xmlErrMemory(ctxt, "dictionary allocation failure");
++ if ((attvalue != NULL) && (alloc != 0))
++ xmlFree(attvalue);
++ return(NULL);
++ }
++ if (*URL != 0) {
++ uri = xmlParseURI((const char *) URL);
++ if (uri == NULL) {
++ xmlNsErr(ctxt, XML_WAR_NS_URI,
++ "xmlns: '%s' is not a valid URI\n",
++ URL, NULL, NULL);
++ } else {
++ if (uri->scheme == NULL) {
++ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
++ "xmlns: URI %s is not absolute\n",
++ URL, NULL, NULL);
++ }
++ xmlFreeURI(uri);
++ }
+ if (URL == ctxt->str_xml_ns) {
+- if (attname != ctxt->str_xml) {
+- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
+- "xml namespace URI mapped to wrong prefix\n",
+- NULL, NULL, NULL);
+- }
+- goto skip_ns;
+- }
+- if (attname == ctxt->str_xmlns) {
+- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
+- "redefinition of the xmlns prefix is forbidden\n",
+- NULL, NULL, NULL);
+- goto skip_ns;
+- }
+- if ((len == 29) &&
+- (xmlStrEqual(URL,
+- BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
+- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
+- "reuse of the xmlns namespace name is forbidden\n",
+- NULL, NULL, NULL);
+- goto skip_ns;
+- }
+- if ((URL == NULL) || (URL[0] == 0)) {
+- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
+- "xmlns:%s: Empty XML namespace is not allowed\n",
+- attname, NULL, NULL);
+- goto skip_ns;
+- } else {
+- uri = xmlParseURI((const char *) URL);
+- if (uri == NULL) {
+- xmlNsErr(ctxt, XML_WAR_NS_URI,
+- "xmlns:%s: '%s' is not a valid URI\n",
+- attname, URL, NULL);
+- } else {
+- if ((ctxt->pedantic) && (uri->scheme == NULL)) {
+- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
+- "xmlns:%s: URI %s is not absolute\n",
+- attname, URL, NULL);
+- }
+- xmlFreeURI(uri);
+- }
+- }
+-
+- /*
+- * check that it's not a defined namespace
+- */
+- for (j = 1;j <= nbNs;j++)
+- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
+- break;
+- if (j <= nbNs)
+- xmlErrAttributeDup(ctxt, aprefix, attname);
+- else
+- if (nsPush(ctxt, attname, URL) > 0) nbNs++;
+-skip_ns:
+- if ((attvalue != NULL) && (alloc != 0)) {
+- xmlFree(attvalue);
+- attvalue = NULL;
+- }
+- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
+- break;
+- if (!IS_BLANK_CH(RAW)) {
+- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
+- "attributes construct error\n");
+- break;
+- }
+- SKIP_BLANKS;
+- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+- goto base_changed;
+- continue;
+- }
++ if (attname != ctxt->str_xml) {
++ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
++ "xml namespace URI cannot be the default namespace\n",
++ NULL, NULL, NULL);
++ }
++ goto next_attr;
++ }
++ if ((len == 29) &&
++ (xmlStrEqual(URL,
++ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
++ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
++ "reuse of the xmlns namespace name is forbidden\n",
++ NULL, NULL, NULL);
++ goto next_attr;
++ }
++ }
++ /*
++ * check that it's not a defined namespace
++ */
++ for (j = 1;j <= nbNs;j++)
++ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
++ break;
++ if (j <= nbNs)
++ xmlErrAttributeDup(ctxt, NULL, attname);
++ else
++ if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
++
++ } else if (aprefix == ctxt->str_xmlns) {
++ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
++ xmlURIPtr uri;
++
++ if (attname == ctxt->str_xml) {
++ if (URL != ctxt->str_xml_ns) {
++ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
++ "xml namespace prefix mapped to wrong URI\n",
++ NULL, NULL, NULL);
++ }
++ /*
++ * Do not keep a namespace definition node
++ */
++ goto next_attr;
++ }
++ if (URL == ctxt->str_xml_ns) {
++ if (attname != ctxt->str_xml) {
++ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
++ "xml namespace URI mapped to wrong prefix\n",
++ NULL, NULL, NULL);
++ }
++ goto next_attr;
++ }
++ if (attname == ctxt->str_xmlns) {
++ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
++ "redefinition of the xmlns prefix is forbidden\n",
++ NULL, NULL, NULL);
++ goto next_attr;
++ }
++ if ((len == 29) &&
++ (xmlStrEqual(URL,
++ BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
++ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
++ "reuse of the xmlns namespace name is forbidden\n",
++ NULL, NULL, NULL);
++ goto next_attr;
++ }
++ if ((URL == NULL) || (URL[0] == 0)) {
++ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
++ "xmlns:%s: Empty XML namespace is not allowed\n",
++ attname, NULL, NULL);
++ goto next_attr;
++ } else {
++ uri = xmlParseURI((const char *) URL);
++ if (uri == NULL) {
++ xmlNsErr(ctxt, XML_WAR_NS_URI,
++ "xmlns:%s: '%s' is not a valid URI\n",
++ attname, URL, NULL);
++ } else {
++ if ((ctxt->pedantic) && (uri->scheme == NULL)) {
++ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
++ "xmlns:%s: URI %s is not absolute\n",
++ attname, URL, NULL);
++ }
++ xmlFreeURI(uri);
++ }
++ }
+
+- /*
+- * Add the pair to atts
+- */
+- if ((atts == NULL) || (nbatts + 5 > maxatts)) {
+- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
+- if (attvalue[len] == 0)
+- xmlFree(attvalue);
+- goto failed;
+- }
+- maxatts = ctxt->maxatts;
+- atts = ctxt->atts;
+- }
+- ctxt->attallocs[nratts++] = alloc;
+- atts[nbatts++] = attname;
+- atts[nbatts++] = aprefix;
+- atts[nbatts++] = NULL; /* the URI will be fetched later */
+- atts[nbatts++] = attvalue;
+- attvalue += len;
+- atts[nbatts++] = attvalue;
+- /*
+- * tag if some deallocation is needed
+- */
+- if (alloc != 0) attval = 1;
+- } else {
+- if ((attvalue != NULL) && (attvalue[len] == 0))
+- xmlFree(attvalue);
+- }
++ /*
++ * check that it's not a defined namespace
++ */
++ for (j = 1;j <= nbNs;j++)
++ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
++ break;
++ if (j <= nbNs)
++ xmlErrAttributeDup(ctxt, aprefix, attname);
++ else
++ if (nsPush(ctxt, attname, URL) > 0) nbNs++;
++
++ } else {
++ /*
++ * Add the pair to atts
++ */
++ if ((atts == NULL) || (nbatts + 5 > maxatts)) {
++ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
++ goto next_attr;
++ }
++ maxatts = ctxt->maxatts;
++ atts = ctxt->atts;
++ }
++ ctxt->attallocs[nratts++] = alloc;
++ atts[nbatts++] = attname;
++ atts[nbatts++] = aprefix;
++ /*
++ * The namespace URI field is used temporarily to point at the
++ * base of the current input buffer for non-alloced attributes.
++ * When the input buffer is reallocated, all the pointers become
++ * invalid, but they can be reconstructed later.
++ */
++ if (alloc)
++ atts[nbatts++] = NULL;
++ else
++ atts[nbatts++] = ctxt->input->base;
++ atts[nbatts++] = attvalue;
++ attvalue += len;
++ atts[nbatts++] = attvalue;
++ /*
++ * tag if some deallocation is needed
++ */
++ if (alloc != 0) attval = 1;
++ attvalue = NULL; /* moved into atts */
++ }
+
+-failed:
++next_attr:
++ if ((attvalue != NULL) && (alloc != 0)) {
++ xmlFree(attvalue);
++ attvalue = NULL;
++ }
+
+ GROW
+ if (ctxt->instate == XML_PARSER_EOF)
+ break;
+- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+- goto base_changed;
+ if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
+ break;
+ if (!IS_BLANK_CH(RAW)) {
+@@ -9646,8 +9610,20 @@ failed:
+ break;
+ }
+ GROW;
+- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+- goto base_changed;
++ }
++
++ /* Reconstruct attribute value pointers. */
++ for (i = 0, j = 0; j < nratts; i += 5, j++) {
++ if (atts[i+2] != NULL) {
++ /*
++ * Arithmetic on dangling pointers is technically undefined
++ * behavior, but well...
++ */
++ ptrdiff_t offset = ctxt->input->base - atts[i+2];
++ atts[i+2] = NULL; /* Reset repurposed namespace URI */
++ atts[i+3] += offset; /* value */
++ atts[i+4] += offset; /* valuend */
++ }
+ }
+
+ /*
+@@ -9804,34 +9780,6 @@ failed:
+ }
+
+ return(localname);
+-
+-base_changed:
+- /*
+- * the attribute strings are valid iif the base didn't changed
+- */
+- if (attval != 0) {
+- for (i = 3,j = 0; j < nratts;i += 5,j++)
+- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
+- xmlFree((xmlChar *) atts[i]);
+- }
+-
+- /*
+- * We can't switch from one entity to another in the middle
+- * of a start tag
+- */
+- if (inputNr != ctxt->inputNr) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
+- "Start tag doesn't start and stop in the same entity\n");
+- return(NULL);
+- }
+-
+- ctxt->input->cur = ctxt->input->base + cur;
+- ctxt->input->line = oldline;
+- ctxt->input->col = oldcol;
+- if (ctxt->wellFormed == 1) {
+- goto reparse;
+- }
+- return(NULL);
+ }
+
+ /**
+diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
+index e08d9bf..f6036a3 100644
+--- a/result/errors/759398.xml.err
++++ b/result/errors/759398.xml.err
+@@ -1,9 +1,12 @@
+ ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
+ need to worry about parsers whi<! don't expand PErefs finding
+ ^
+-./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
++./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m line 308 and termdef
+ and provide access to their content and structure.</termdef> <termdef
+ ^
+-./test/errors/759398.xml:309: parser error : Extra content at the end of the document
+-and provide access to their content and structure.</termdef> <termdef
+- ^
++./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
++data and the information it must provide to the application.</p>
++ ^
++./test/errors/759398.xml:316: parser error : Extra content at the end of the document
++<div2 id='sec-origin-goals'>
++^
+diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
+index 4f08538..c4c4fc8 100644
+--- a/result/errors/attr1.xml.err
++++ b/result/errors/attr1.xml.err
+@@ -1,6 +1,9 @@
+ ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
+
+ ^
+-./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
+-<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
+- ^
++./test/errors/attr1.xml:2: parser error : attributes construct error
++
++^
++./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
++
++^
+diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
+index c8a9c7d..77e342e 100644
+--- a/result/errors/attr2.xml.err
++++ b/result/errors/attr2.xml.err
+@@ -1,6 +1,9 @@
+ ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
+
+ ^
+-./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
+-<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
+- ^
++./test/errors/attr2.xml:2: parser error : attributes construct error
++
++^
++./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
++
++^
+diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
+index a6649a1..8a6acee 100644
+--- a/result/errors/name2.xml.err
++++ b/result/errors/name2.xml.err
+@@ -1,6 +1,9 @@
+ ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
+
+ ^
+-./test/errors/name2.xml:1: parser error : Extra content at the end of the document
+-<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
+- ^
++./test/errors/name2.xml:2: parser error : attributes construct error
++
++^
++./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
++
++^
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/runtest.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/runtest.patch
index 397ab20..6e56857 100644
--- a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,12 +2,13 @@
Print a standard result line for each test.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Upstream-Status: Pending
+Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Upstream-Status: Backport
diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am 2013-04-17 14:51:42.633386477 +0200
-+++ b/Makefile.am 2013-04-19 14:47:51.544720568 +0200
-@@ -202,10 +202,19 @@
+--- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200
++++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200
+@@ -202,10 +202,24 @@
#testOOM_DEPENDENCIES = $(DEPS)
#testOOM_LDADD= $(LDADDS)
@@ -24,10 +25,24 @@
[ -d test ] || $(LN_S) $(srcdir)/test .
[ -d result ] || $(LN_S) $(srcdir)/result .
- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+ ./runtest$(EXEEXT) ; ./testrecurse$(EXEEXT) ; ./testapi$(EXEEXT) ; ./testchar$(EXEEXT) ; ./testdict$(EXEEXT) ; ./runxmlconf$(EXEEXT)
++ $(CHECKER) ./runtest$(EXEEXT) && \
++ $(CHECKER) ./testrecurse$(EXEEXT) && \
++ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
++ $(CHECKER) ./testchar$(EXEEXT) && \
++ $(CHECKER) ./testdict$(EXEEXT) && \
++ $(CHECKER) ./runxmlconf$(EXEEXT)
@(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
$(MAKE) tests ; fi)
+@@ -229,7 +243,7 @@
+
+ APItests: testapi$(EXEEXT)
+ @echo "## Running the API regression tests this may take a little while"
+- -@($(CHECKER) $(top_builddir)/testapi -q)
++ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
+
+ HTMLtests : testHTML$(EXEEXT)
+ @(echo > .memdump)
diff -uNr a/runsuite.c b/runsuite.c
--- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200
+++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2_2.9.4.bb b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2_2.9.4.bb
index c2c3c93..107539b 100644
--- a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -23,8 +23,14 @@
file://libxml2-CVE-2016-5131.patch \
file://libxml2-CVE-2016-4658.patch \
file://libxml2-fix_NULL_pointer_derefs.patch \
- file://CVE-2016-9318.patch \
- "
+ file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
+ file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
+ file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
+ file://libxml2-CVE-2017-5969.patch \
+ file://libxml2-CVE-2017-0663.patch \
+ file://libxml2-CVE-2017-8872.patch \
+ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
+ "
SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
@@ -33,22 +39,24 @@
BINCONFIG = "${bindir}/xml2-config"
-inherit autotools pkgconfig binconfig-disabled pythonnative ptest
+PACKAGECONFIG ??= "python \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-RDEPENDS_${PN}-ptest += "python-core"
+inherit autotools pkgconfig binconfig-disabled ptest
-RDEPENDS_${PN}-python += "python-core"
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)}
+
+RDEPENDS_${PN}-ptest += "make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-argparse python3-logging python3-shell python3-signal python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
+
+RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}"
RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us glibc-gconv-ibm1141"
export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}"
-PACKAGECONFIG ??= "python \
- ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
-"
-PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python"
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-
# WARNING: zlib is require for RPM use
EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --without-docbook --with-c14n --without-lzma --with-fexceptions"
EXTRA_OECONF_class-native = "--without-legacy --without-docbook --with-c14n --without-lzma --with-zlib"
@@ -57,7 +65,7 @@
python populate_packages_prepend () {
# autonamer would call this libxml2-2, but we don't want that
- if d.getVar('DEBIAN_NAMES', True):
+ if d.getVar('DEBIAN_NAMES'):
d.setVar('PKG_libxml2', '${MLPREFIX}libxml2')
}
@@ -75,6 +83,17 @@
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
+ if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
+ sed -i -e 's|^\(PYTHON = \).*|\1${USRBINPATH}/${PYTHON_PN}|' \
+ ${D}${PTEST_PATH}/python/tests/Makefile
+ grep -lrZ '#!/usr/bin/python' ${D}${PTEST_PATH}/python |
+ xargs -0 sed -i -e 's|/usr/bin/python|${USRBINPATH}/${PYTHON_PN}|'
+ fi
+}
+
+do_install_append_class-native () {
+ # Docs are not needed in the native case
+ rm ${D}${datadir}/gtk-doc -rf
}
BBCLASSEXTEND = "native nativesdk"