Avoid CVE-2022-40303 CVE-2022-40304

2024-11-21 15:12:02 +00:00 · 2023-02-09 12:29:42 -08:00 · 2023-02-09 12:29:42 -08:00 · 59d380c4a2
commit 59d380c4a2
parent 566fb5b9da
3 changed files with 45 additions and 25 deletions
--- a/contrib/libxml2
+++ b/contrib/libxml2
@ -1 +1 @@
-Subproject commit 7846b0a677f8d3ce72486125fa281e92ac9970e8
+Subproject commit f507d167f1755b7eaea09fb1a44d29aab828b6d1
--- a/contrib/libxml2-cmake/CMakeLists.txt
+++ b/contrib/libxml2-cmake/CMakeLists.txt
@ -24,7 +24,6 @@ set(SRCS
    "${LIBXML2_SOURCE_DIR}/xinclude.c"
    "${LIBXML2_SOURCE_DIR}/nanohttp.c"
    "${LIBXML2_SOURCE_DIR}/nanoftp.c"
-    "${LIBXML2_SOURCE_DIR}/DOCBparser.c"
    "${LIBXML2_SOURCE_DIR}/catalog.c"
    "${LIBXML2_SOURCE_DIR}/globals.c"
    "${LIBXML2_SOURCE_DIR}/threads.c"
@ -36,7 +35,6 @@ set(SRCS
    "${LIBXML2_SOURCE_DIR}/xmlschemastypes.c"
    "${LIBXML2_SOURCE_DIR}/xmlunicode.c"
    "${LIBXML2_SOURCE_DIR}/triostr.c"
-    #"${LIBXML2_SOURCE_DIR}/trio.c"
    "${LIBXML2_SOURCE_DIR}/xmlreader.c"
    "${LIBXML2_SOURCE_DIR}/relaxng.c"
    "${LIBXML2_SOURCE_DIR}/dict.c"
--- a/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h
+++ b/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h
@ -1,6 +1,6 @@
 /*
- * Summary: compile-time version informations
- * Description: compile-time version informations for the XML library
+ * Summary: compile-time version information
+ * Description: compile-time version information for the XML library
 *
 * Copy: See Copyright for the status of this software.
 *
@ -29,28 +29,28 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 *
 * the version string like "1.2.3"
 */
-#define LIBXML_DOTTED_VERSION "2.9.8"
+#define LIBXML_DOTTED_VERSION "2.10.3"

 /**
 * LIBXML_VERSION:
 *
 * the version number: 1.2.3 value is 10203
 */
-#define LIBXML_VERSION 20908
+#define LIBXML_VERSION 21003

 /**
 * LIBXML_VERSION_STRING:
 *
 * the version number string, 1.2.3 value is "10203"
 */
-#define LIBXML_VERSION_STRING "20908"
+#define LIBXML_VERSION_STRING "21003"

 /**
 * LIBXML_VERSION_EXTRA:
 *
- * extra version information, used to show a CVS compilation
+ * extra version information, used to show a git commit description
 */
-#define LIBXML_VERSION_EXTRA "-GITv2.9.9-rc2-1-g6fc04d71"
+#define LIBXML_VERSION_EXTRA ""

 /**
 * LIBXML_TEST_VERSION:
@ -58,7 +58,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 * Macro to check that the libxml version in use is compatible with
 * the version the software has been compiled against
 */
-#define LIBXML_TEST_VERSION xmlCheckVersion(20908);
+#define LIBXML_TEST_VERSION xmlCheckVersion(21003);

 #ifndef VMS
 #if 0
@ -90,7 +90,9 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 *
 * Whether the thread support is configured in
 */
-#define LIBXML_THREAD_ENABLED 1
+#if 1
+#define LIBXML_THREAD_ENABLED
+#endif

 /**
 * LIBXML_THREAD_ALLOC_ENABLED:
@ -169,7 +171,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 *
 * Whether the FTP support is configured in
 */
-#if 1
+#if 0
 #define LIBXML_FTP_ENABLED
 #endif

@ -205,7 +207,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 *
 * Whether the deprecated APIs are compiled in for compatibility
 */
-#if 1
+#if 0
 #define LIBXML_LEGACY_ENABLED
 #endif

@ -227,15 +229,6 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 #define LIBXML_CATALOG_ENABLED
 #endif

-/**
- * LIBXML_DOCB_ENABLED:
- *
- * Whether the SGML Docbook support is configured in
- */
-#if 1
-#define LIBXML_DOCB_ENABLED
-#endif
-
 /**
 * LIBXML_XPATH_ENABLED:
 *
@ -254,6 +247,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 #define LIBXML_XPTR_ENABLED
 #endif

+/**
+ * LIBXML_XPTR_LOCS_ENABLED:
+ *
+ * Whether support for XPointer locations is configured in
+ */
+#if 0
+#define LIBXML_XPTR_LOCS_ENABLED
+#endif
+
 /**
 * LIBXML_XINCLUDE_ENABLED:
 *
@ -268,7 +270,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 *
 * Whether iconv support is available
 */
-#if 0
+#if 1
 #define LIBXML_ICONV_ENABLED
 #endif

@ -348,8 +350,10 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 * LIBXML_EXPR_ENABLED:
 *
 * Whether the formal expressions interfaces are compiled in
+ *
+ * This code is unused and disabled unconditionally for now.
 */
-#if 1
+#if 0
 #define LIBXML_EXPR_ENABLED
 #endif

@ -452,6 +456,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 # define LIBXML_ATTR_FORMAT(fmt,args)
 #endif

+#ifndef XML_DEPRECATED
+#  ifdef IN_LIBXML
+#    define XML_DEPRECATED
+#  else
+/* Available since at least GCC 3.1 */
+#    define XML_DEPRECATED __attribute__((deprecated))
+#  endif
+#endif
+
 #else /* ! __GNUC__ */
 /**
 * ATTRIBUTE_UNUSED:
@ -471,6 +484,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version);
 * Macro used to indicate to GCC the parameter are printf like
 */
 #define LIBXML_ATTR_FORMAT(fmt,args)
+/**
+ * XML_DEPRECATED:
+ *
+ * Macro used to indicate that a function, variable, type or struct member
+ * is deprecated.
+ */
+#ifndef XML_DEPRECATED
+#define XML_DEPRECATED
+#endif
 #endif /* __GNUC__ */

 #ifdef __cplusplus