$ git diff --patch-with-stat --summary 30306d3117c49a600a43387e1db61bd6532452ad..29a3c3f2ea5f896743512fdc034bc269c45ed72f
.abf.yml | 2 +-
cve-2016-9318.patch | 177 ----------------------------------------------------
libxml2.spec | 7 +--
3 files changed, 4 insertions(+), 182 deletions(-)
delete mode 100644 cve-2016-9318.patch
diff --git a/.abf.yml b/.abf.yml
index 678100f..5273e62 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,2 +1,2 @@
sources:
- libxml2-2.9.9.tar.gz: 96686d1dd9fddf3b35a28b1e2e4bbacac889add3
+ libxml2-2.9.10.tar.gz: db6592ec9ca9708c4e71bf6bfd907bbb5cd40644
diff --git a/cve-2016-9318.patch b/cve-2016-9318.patch
deleted file mode 100644
index 908dd3d..0000000
--- a/cve-2016-9318.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-diff --git a/elfgcchack.h b/elfgcchack.h
-index 8c52884..1b81dcd 100644
---- a/elfgcchack.h
-+++ b/elfgcchack.h
-@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
- #endif
- #endif
-
-+#ifdef bottom_xmlIO
-+#undef xmlNoXxeExternalEntityLoader
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
-+#else
-+#ifndef xmlNoXxeExternalEntityLoader
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
-+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
-+#endif
-+#endif
-+
- #ifdef bottom_tree
- #undef xmlNodeAddContent
- extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
-diff --git a/include/libxml/parser.h b/include/libxml/parser.h
-index 47fbec0..4cced91 100644
---- a/include/libxml/parser.h
-+++ b/include/libxml/parser.h
-@@ -1111,7 +1111,8 @@ typedef enum {
- XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
- XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
- XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
-- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
-+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
-+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity substitution */
- } xmlParserOption;
-
- XMLPUBFUN void XMLCALL
-diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
-index 3e41744..8d3fdef 100644
---- a/include/libxml/xmlIO.h
-+++ b/include/libxml/xmlIO.h
-@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
- xmlParserCtxtPtr ctxt);
-
- /*
-+ * A predefined entity loader external entity expansion
-+ */
-+XMLPUBFUN xmlParserInputPtr XMLCALL
-+ xmlNoXxeExternalEntityLoader (const char *URL,
-+ const char *ID,
-+ xmlParserCtxtPtr ctxt);
-+
-+/*
- * xmlNormalizeWindowsPath is obsolete, don't use it.
- * Check xmlCanonicPath in uri.h for a better alternative.
- */
-diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
-index 037c16d..3036062 100644
---- a/include/libxml/xmlerror.h
-+++ b/include/libxml/xmlerror.h
-@@ -470,6 +470,7 @@ typedef enum {
- XML_IO_EADDRINUSE, /* 1554 */
- XML_IO_EALREADY, /* 1555 */
- XML_IO_EAFNOSUPPORT, /* 1556 */
-+ XML_IO_ILLEGAL_XXE, /* 1557 */
- XML_XINCLUDE_RECURSION=1600,
- XML_XINCLUDE_PARSE_VALUE, /* 1601 */
- XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
-diff --git a/parser.c b/parser.c
-index 1005395..df3af6f 100644
---- a/parser.c
-+++ b/parser.c
-@@ -15106,6 +15106,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
- ctxt->options |= XML_PARSE_NONET;
- options -= XML_PARSE_NONET;
- }
-+ if (options & XML_PARSE_NOXXE) {
-+ ctxt->options |= XML_PARSE_NOXXE;
-+ options -= XML_PARSE_NOXXE;
-+ }
- if (options & XML_PARSE_COMPACT) {
- ctxt->options |= XML_PARSE_COMPACT;
- options -= XML_PARSE_COMPACT;
-diff --git a/xmlIO.c b/xmlIO.c
-index 6891ff9..3f9e976 100644
---- a/xmlIO.c
-+++ b/xmlIO.c
-@@ -210,6 +210,7 @@ static const char *IOerr[] = {
- "adddress in use", /* EADDRINUSE */
- "already in use", /* EALREADY */
- "unknown address familly", /* EAFNOSUPPORT */
-+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
- };
-
- #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
-@@ -4058,13 +4059,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
- xmlGenericError(xmlGenericErrorContext,
- "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
- #endif
-- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
-+ if (ctxt != NULL) {
- int options = ctxt->options;
-
-- ctxt->options -= XML_PARSE_NONET;
-- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
-- ctxt->options = options;
-- return(ret);
-+ if (options & XML_PARSE_NOXXE) {
-+ ctxt->options -= XML_PARSE_NOXXE;
-+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
-+ ctxt->options = options;
-+ return(ret);
-+ }
-+
-+ if (options & XML_PARSE_NONET) {
-+ ctxt->options -= XML_PARSE_NONET;
-+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
-+ ctxt->options = options;
-+ return(ret);
-+ }
- }
- #ifdef LIBXML_CATALOG_ENABLED
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
-@@ -4165,6 +4175,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
- xmlParserInputPtr input = NULL;
- xmlChar *resource = NULL;
-
-+ if (ctxt == NULL) {
-+ return(NULL);
-+ }
-+ if (ctxt->input_id == 1) {
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
-+ }
-+
- #ifdef LIBXML_CATALOG_ENABLED
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
- #endif
-@@ -4187,5 +4204,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
- return(input);
- }
-
-+xmlParserInputPtr
-+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
-+ xmlParserCtxtPtr ctxt) {
-+ if (ctxt == NULL) {
-+ return(NULL);
-+ }
-+ if (ctxt->input_id == 1) {
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
-+ }
-+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
-+ return(NULL);
-+}
-+
- #define bottom_xmlIO
- #include "elfgcchack.h"
-diff --git a/xmllint.c b/xmllint.c
-index c175730..fd817cf 100644
---- a/xmllint.c
-+++ b/xmllint.c
-@@ -3019,6 +3019,7 @@ static void usage(FILE *f, const char *name) {
- fprintf(f, "\t--path 'paths': provide a set of paths for resources\n");
- fprintf(f, "\t--load-trace : print trace of all external entities loaded\n");
- fprintf(f, "\t--nonet : refuse to fetch DTDs or entities over network\n");
-+ fprintf(f, "\t--noxxe : forbid any external entity substitution\n");
- fprintf(f, "\t--nocompact : do not generate compact text nodes\n");
- fprintf(f, "\t--htmlout : output results as HTML\n");
- fprintf(f, "\t--nowrap : do not put HTML doc wrapper\n");
-@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
- (!strcmp(argv[i], "--nonet"))) {
- options |= XML_PARSE_NONET;
- xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
-+ } else if ((!strcmp(argv[i], "-noxxe")) ||
-+ (!strcmp(argv[i], "--noxxe"))) {
-+ options |= XML_PARSE_NOXXE;
-+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
- } else if ((!strcmp(argv[i], "-nocompact")) ||
- (!strcmp(argv[i], "--nocompact"))) {
- options &= ~XML_PARSE_COMPACT;
diff --git a/libxml2.spec b/libxml2.spec
index d335b24..102238c 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -21,13 +21,12 @@
Summary: Library providing XML and HTML support
Name: libxml2
-Version: 2.9.9
-Release: 3
+Version: 2.9.10
+Release: 2
License: MIT
Group: System/Libraries
Url: http://www.xmlsoft.org/
Source0: http://xmlsoft.org/sources/%{name}-%{version}.tar.gz
-Patch0: cve-2016-9318.patch
#Patch1: libxml2-2.9.7-fix-python-bindings.patch
Patch1: libxml2-2.9.9-no-Lusrlib.patch
BuildRequires: gtk-doc
@@ -36,7 +35,7 @@ BuildRequires: pkgconfig(python3)
BuildRequires: pkgconfig(python2)
BuildRequires: gettext-devel
%endif
-BuildRequires: readline-devel
+BuildRequires: pkgconfig(readline)
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(zlib)
%ifarch riscv64