libxml2: update to 2.9.10

Signed-off-by: Michael Heimpold <mhei@heimpold.de> (cherry picked from commit 10e867d026) [remove no longer needed CVE-2019-19956 patch (fixed in libxml2 2.9.10)] Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2019-11-26 00:10:22 +01:00 · 2019-11-26 00:10:22 +01:00 · a23bfc9774
parent 6dbc752fdd
commit a23bfc9774
2 changed files with 3 additions and 36 deletions
--- a/libs/libxml2/Makefile
+++ b/libs/libxml2/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libxml2
-PKG_VERSION:=2.9.9
-PKG_RELEASE:=3
+PKG_VERSION:=2.9.10
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://xmlsoft.org/sources/
-PKG_HASH:=94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871
+PKG_HASH:=aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f

 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
--- a/libs/libxml2/patches/CVE-2019-19956.patch
+++ b/libs/libxml2/patches/CVE-2019-19956.patch
@ -1,33 +0,0 @@
-From 5a02583c7e683896d84878bd90641d8d9b0d0549 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Wed, 7 Aug 2019 17:39:17 +0800
-Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover
-
-When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
-is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
-NULL and free newDoc will cause a memory leak.
-
-Found with libFuzzer.
-
-Closes #82.
---
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index 1ce1ccf14..26d9f4e3b 100644
--- a/parser.c
-+++ b/parser.c
-@@ -13894,7 +13894,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
-     xmlFreeParserCtxt(ctxt);
-     newDoc->intSubset = NULL;
-     newDoc->extSubset = NULL;
-    newDoc->oldNs = NULL;
-+    if(doc != NULL)
-+	newDoc->oldNs = NULL;
-     xmlFreeDoc(newDoc);
- 
-     return(ret);
-- 
-GitLab
-