package/libxml2: security bump to version 2.9.13

Fix the following security issues: - [CVE-2022-23308] Use-after-free of ID and IDREF attributes - Use-after-free in xmlXIncludeCopyRange - Fix Null-deref-in-xmlSchemaGetComponentTargetNs - Fix memory leak in xmlXPathCompNodeTest - Fix null pointer deref in xmlStringGetNodeList - Fix several memory leaks found by Coverity https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.13 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-28 18:52:45 +01:00 · 2022-02-28 18:52:45 +01:00 · 4b67038473
commit 4b67038473
parent 96cb2d5c0c
2 changed files with 7 additions and 4 deletions
--- a/package/libxml2/libxml2.hash
+++ b/package/libxml2/libxml2.hash
@ -1,4 +1,4 @@
-# Locally calculated after checking pgp signature
-sha256  c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92  libxml2-2.9.12.tar.gz
+# From http://ftp.acc.umu.se/pub/gnome/sources/libxml2/2.9/libxml2-2.9.13.sha256sum
+sha256  276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e  libxml2-2.9.13.tar.xz
 # License files, locally calculated
 sha256  c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd  COPYING
--- a/package/libxml2/libxml2.mk
+++ b/package/libxml2/libxml2.mk
@ -4,8 +4,11 @@
 #
 ################################################################################

-LIBXML2_VERSION = 2.9.12
-LIBXML2_SITE = http://xmlsoft.org/sources
+LIBXML2_VERSION_MAJOR = 2.9
+LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).13
+LIBXML2_SOURCE = libxml2-$(LIBXML2_VERSION).tar.xz
+LIBXML2_SITE = \
+	http://ftp.gnome.org/pub/gnome/sources/libxml2/$(LIBXML2_VERSION_MAJOR)
 LIBXML2_INSTALL_STAGING = YES
 LIBXML2_LICENSE = MIT
 LIBXML2_LICENSE_FILES = COPYING