From 4b6703847376838d0b091acd9b0e0193b6439657 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 28 Feb 2022 18:52:45 +0100 Subject: [PATCH] package/libxml2: security bump to version 2.9.13 Fix the following security issues: - [CVE-2022-23308] Use-after-free of ID and IDREF attributes - Use-after-free in xmlXIncludeCopyRange - Fix Null-deref-in-xmlSchemaGetComponentTargetNs - Fix memory leak in xmlXPathCompNodeTest - Fix null pointer deref in xmlStringGetNodeList - Fix several memory leaks found by Coverity https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.13 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/libxml2/libxml2.hash | 4 ++-- package/libxml2/libxml2.mk | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/package/libxml2/libxml2.hash b/package/libxml2/libxml2.hash index ce6c3c4825..81ac3e3f31 100644 --- a/package/libxml2/libxml2.hash +++ b/package/libxml2/libxml2.hash @@ -1,4 +1,4 @@ -# Locally calculated after checking pgp signature -sha256 c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92 libxml2-2.9.12.tar.gz +# From http://ftp.acc.umu.se/pub/gnome/sources/libxml2/2.9/libxml2-2.9.13.sha256sum +sha256 276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e libxml2-2.9.13.tar.xz # License files, locally calculated sha256 c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd COPYING diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk index 023a461472..5382f28ec4 100644 --- a/package/libxml2/libxml2.mk +++ b/package/libxml2/libxml2.mk @@ -4,8 +4,11 @@ # ################################################################################ -LIBXML2_VERSION = 2.9.12 -LIBXML2_SITE = http://xmlsoft.org/sources +LIBXML2_VERSION_MAJOR = 2.9 +LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).13 +LIBXML2_SOURCE = libxml2-$(LIBXML2_VERSION).tar.xz +LIBXML2_SITE = \ + http://ftp.gnome.org/pub/gnome/sources/libxml2/$(LIBXML2_VERSION_MAJOR) LIBXML2_INSTALL_STAGING = YES LIBXML2_LICENSE = MIT LIBXML2_LICENSE_FILES = COPYING