From 59d380c4a2a1f0417a9b3fceb0e725728cf45027 Mon Sep 17 00:00:00 2001 From: Larry Luo Date: Thu, 9 Feb 2023 12:29:42 -0800 Subject: [PATCH] Avoid CVE-2022-40303 CVE-2022-40304 --- contrib/libxml2 | 2 +- contrib/libxml2-cmake/CMakeLists.txt | 2 - .../linux_x86_64/include/libxml/xmlversion.h | 66 ++++++++++++------- 3 files changed, 45 insertions(+), 25 deletions(-) diff --git a/contrib/libxml2 b/contrib/libxml2 index 7846b0a677f..f507d167f17 160000 --- a/contrib/libxml2 +++ b/contrib/libxml2 @@ -1 +1 @@ -Subproject commit 7846b0a677f8d3ce72486125fa281e92ac9970e8 +Subproject commit f507d167f1755b7eaea09fb1a44d29aab828b6d1 diff --git a/contrib/libxml2-cmake/CMakeLists.txt b/contrib/libxml2-cmake/CMakeLists.txt index a84936f8e3a..b7b3f7037ec 100644 --- a/contrib/libxml2-cmake/CMakeLists.txt +++ b/contrib/libxml2-cmake/CMakeLists.txt @@ -24,7 +24,6 @@ set(SRCS "${LIBXML2_SOURCE_DIR}/xinclude.c" "${LIBXML2_SOURCE_DIR}/nanohttp.c" "${LIBXML2_SOURCE_DIR}/nanoftp.c" - "${LIBXML2_SOURCE_DIR}/DOCBparser.c" "${LIBXML2_SOURCE_DIR}/catalog.c" "${LIBXML2_SOURCE_DIR}/globals.c" "${LIBXML2_SOURCE_DIR}/threads.c" @@ -36,7 +35,6 @@ set(SRCS "${LIBXML2_SOURCE_DIR}/xmlschemastypes.c" "${LIBXML2_SOURCE_DIR}/xmlunicode.c" "${LIBXML2_SOURCE_DIR}/triostr.c" - #"${LIBXML2_SOURCE_DIR}/trio.c" "${LIBXML2_SOURCE_DIR}/xmlreader.c" "${LIBXML2_SOURCE_DIR}/relaxng.c" "${LIBXML2_SOURCE_DIR}/dict.c" diff --git a/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h b/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h index 52f62214324..9eabfaa50c8 100644 --- a/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h +++ b/contrib/libxml2-cmake/linux_x86_64/include/libxml/xmlversion.h @@ -1,6 +1,6 @@ /* - * Summary: compile-time version informations - * Description: compile-time version informations for the XML library + * Summary: compile-time version information + * Description: compile-time version information for the XML library * * Copy: See Copyright for the status of this software. * @@ -29,28 +29,28 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * * the version string like "1.2.3" */ -#define LIBXML_DOTTED_VERSION "2.9.8" +#define LIBXML_DOTTED_VERSION "2.10.3" /** * LIBXML_VERSION: * * the version number: 1.2.3 value is 10203 */ -#define LIBXML_VERSION 20908 +#define LIBXML_VERSION 21003 /** * LIBXML_VERSION_STRING: * * the version number string, 1.2.3 value is "10203" */ -#define LIBXML_VERSION_STRING "20908" +#define LIBXML_VERSION_STRING "21003" /** * LIBXML_VERSION_EXTRA: * - * extra version information, used to show a CVS compilation + * extra version information, used to show a git commit description */ -#define LIBXML_VERSION_EXTRA "-GITv2.9.9-rc2-1-g6fc04d71" +#define LIBXML_VERSION_EXTRA "" /** * LIBXML_TEST_VERSION: @@ -58,7 +58,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * Macro to check that the libxml version in use is compatible with * the version the software has been compiled against */ -#define LIBXML_TEST_VERSION xmlCheckVersion(20908); +#define LIBXML_TEST_VERSION xmlCheckVersion(21003); #ifndef VMS #if 0 @@ -90,7 +90,9 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * * Whether the thread support is configured in */ -#define LIBXML_THREAD_ENABLED 1 +#if 1 +#define LIBXML_THREAD_ENABLED +#endif /** * LIBXML_THREAD_ALLOC_ENABLED: @@ -169,7 +171,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * * Whether the FTP support is configured in */ -#if 1 +#if 0 #define LIBXML_FTP_ENABLED #endif @@ -205,7 +207,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * * Whether the deprecated APIs are compiled in for compatibility */ -#if 1 +#if 0 #define LIBXML_LEGACY_ENABLED #endif @@ -227,15 +229,6 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); #define LIBXML_CATALOG_ENABLED #endif -/** - * LIBXML_DOCB_ENABLED: - * - * Whether the SGML Docbook support is configured in - */ -#if 1 -#define LIBXML_DOCB_ENABLED -#endif - /** * LIBXML_XPATH_ENABLED: * @@ -254,6 +247,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); #define LIBXML_XPTR_ENABLED #endif +/** + * LIBXML_XPTR_LOCS_ENABLED: + * + * Whether support for XPointer locations is configured in + */ +#if 0 +#define LIBXML_XPTR_LOCS_ENABLED +#endif + /** * LIBXML_XINCLUDE_ENABLED: * @@ -268,7 +270,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * * Whether iconv support is available */ -#if 0 +#if 1 #define LIBXML_ICONV_ENABLED #endif @@ -348,8 +350,10 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * LIBXML_EXPR_ENABLED: * * Whether the formal expressions interfaces are compiled in + * + * This code is unused and disabled unconditionally for now. */ -#if 1 +#if 0 #define LIBXML_EXPR_ENABLED #endif @@ -452,6 +456,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); # define LIBXML_ATTR_FORMAT(fmt,args) #endif +#ifndef XML_DEPRECATED +# ifdef IN_LIBXML +# define XML_DEPRECATED +# else +/* Available since at least GCC 3.1 */ +# define XML_DEPRECATED __attribute__((deprecated)) +# endif +#endif + #else /* ! __GNUC__ */ /** * ATTRIBUTE_UNUSED: @@ -471,6 +484,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * Macro used to indicate to GCC the parameter are printf like */ #define LIBXML_ATTR_FORMAT(fmt,args) +/** + * XML_DEPRECATED: + * + * Macro used to indicate that a function, variable, type or struct member + * is deprecated. + */ +#ifndef XML_DEPRECATED +#define XML_DEPRECATED +#endif #endif /* __GNUC__ */ #ifdef __cplusplus