[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Aaron Bauman]

commit:     060503be258912e25b6da77ca79d450553ed0be3
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  2 06:40:16 2017 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Mon Jan  2 06:40:59 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=060503be

dev-libs/libxml2: security bump to -r1 wrt bugs 589816, 597112, 597114, 597116 in coordination with leio

 .../files/libxml2-2.9.4-CVE-2016-4658.patch        | 249 +++++++++++++++++++++
 .../files/libxml2-2.9.4-CVE-2016-5131.patch        | 174 ++++++++++++++
 .../libxml2/files/libxml2-2.9.4-nullptrderef.patch |  50 +++++
 .../files/libxml2-2.9.4-nullptrderef2.patch        |  57 +++++
 dev-libs/libxml2/libxml2-2.9.4-r1.ebuild           | 220 ++++++++++++++++++
 5 files changed, 750 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
new file mode 100644
index 00000000..2ef22ce
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
@@ -0,0 +1,249 @@
+From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 18:34:52 +0200
+Subject: Disallow namespace nodes in XPointer ranges
+
+Namespace nodes must be copied to avoid use-after-free errors.
+But they don't necessarily have a physical representation in a
+document, so simply disallow them in XPointer ranges.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-4658.
+---
+ xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
+ 1 file changed, 56 insertions(+), 93 deletions(-)
+
+diff --git a/xpointer.c b/xpointer.c
+index a7b03fb..694d120 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
+ }
+ 
+ /**
++ * xmlXPtrNewRangeInternal:
++ * @start:  the starting node
++ * @startindex:  the start index
++ * @end:  the ending point
++ * @endindex:  the ending index
++ *
++ * Internal function to create a new xmlXPathObjectPtr of type range
++ *
++ * Returns the newly created object.
++ */
++static xmlXPathObjectPtr
++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
++                        xmlNodePtr end, int endindex) {
++    xmlXPathObjectPtr ret;
++
++    /*
++     * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
++     * Disallow them for now.
++     */
++    if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
++	return(NULL);
++    if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
++	return(NULL);
++
++    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
++    if (ret == NULL) {
++        xmlXPtrErrMemory("allocating range");
++	return(NULL);
++    }
++    memset(ret, 0, sizeof(xmlXPathObject));
++    ret->type = XPATH_RANGE;
++    ret->user = start;
++    ret->index = startindex;
++    ret->user2 = end;
++    ret->index2 = endindex;
++    return(ret);
++}
++
++/**
+  * xmlXPtrNewRange:
+  * @start:  the starting node
+  * @startindex:  the start index
+@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
+     if (endindex < 0)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = startindex;
+-    ret->user2 = end;
+-    ret->index2 = endindex;
++    ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
+     if (end->type != XPATH_POINT)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start->user;
+-    ret->index = start->index;
+-    ret->user2 = end->user;
+-    ret->index2 = end->index;
++    ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
++                                  end->index);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
+     if (start->type != XPATH_POINT)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start->user;
+-    ret->index = start->index;
+-    ret->user2 = end;
+-    ret->index2 = -1;
++    ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
+     if (end->type != XPATH_POINT)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    ret->user2 = end->user;
+-    ret->index2 = end->index;
++    ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
+     if (end == NULL)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    ret->user2 = end;
+-    ret->index2 = -1;
++    ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+     if (start == NULL)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    ret->user2 = NULL;
+-    ret->index2 = -1;
++    ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
+     return(ret);
+ }
+ 
+@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+  */
+ xmlXPathObjectPtr
+ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
++    xmlNodePtr endNode;
++    int endIndex;
+     xmlXPathObjectPtr ret;
+ 
+     if (start == NULL)
+@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ 	return(NULL);
+     switch (end->type) {
+ 	case XPATH_POINT:
++	    endNode = end->user;
++	    endIndex = end->index;
++	    break;
+ 	case XPATH_RANGE:
++	    endNode = end->user2;
++	    endIndex = end->index2;
+ 	    break;
+ 	case XPATH_NODESET:
+ 	    /*
+@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ 	     */
+ 	    if (end->nodesetval->nodeNr <= 0)
+ 		return(NULL);
++	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
++	    endIndex = -1;
+ 	    break;
+ 	default:
+ 	    /* TODO */
+ 	    return(NULL);
+     }
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    switch (end->type) {
+-	case XPATH_POINT:
+-	    ret->user2 = end->user;
+-	    ret->index2 = end->index;
+-	    break;
+-	case XPATH_RANGE:
+-	    ret->user2 = end->user2;
+-	    ret->index2 = end->index2;
+-	    break;
+-	case XPATH_NODESET: {
+-	    ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+-	    ret->index2 = -1;
+-	    break;
+-	}
+-	default:
+-	    STRANGE
+-	    return(NULL);
+-    }
++    ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+-- 
+cgit v0.12
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
new file mode 100644
index 00000000..9ce3fb9
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
@@ -0,0 +1,174 @@
+From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:22:23 +0200
+Subject: Fix XPointer paths beginning with range-to
+
+The old code would invoke the broken xmlXPtrRangeToFunction. range-to
+isn't really a function but a special kind of location step. Remove
+this function and always handle range-to in the XPath code.
+
+The old xmlXPtrRangeToFunction could also be abused to trigger a
+use-after-free error with the potential for remote code execution.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-5131.
+---
+ result/XPath/xptr/vidbase | 13 ++++++++
+ test/XPath/xptr/vidbase   |  1 +
+ xpath.c                   |  7 ++++-
+ xpointer.c                | 76 ++++-------------------------------------------
+ 4 files changed, 26 insertions(+), 71 deletions(-)
+
+diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
+index 8b9e92d..f19193e 100644
+--- a/result/XPath/xptr/vidbase
++++ b/result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+   To node
+     ELEMENT p
+ 
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 :   Object is a range :
++  From node
++     /
++  To node
++    ELEMENT chapter
++      ATTRIBUTE id
++        TEXT
++          content=chapter2
++
+diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
+index b146383..884b106 100644
+--- a/test/XPath/xptr/vidbase
++++ b/test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
+diff --git a/xpath.c b/xpath.c
+index d992841..5a01b1b 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
+ 		    lc = 1;
+ 		    break;
+ 		} else if ((NXT(len) == '(')) {
+-		    /* Note Type or Function */
++		    /* Node Type or Function */
+ 		    if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,
+ 				"PathExpr: Type search\n");
+ #endif
+ 			lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++                    } else if (ctxt->xptr &&
++                               xmlStrEqual(name, BAD_CAST "range-to")) {
++                        lc = 1;
++#endif
+ 		    } else {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,
+diff --git a/xpointer.c b/xpointer.c
+index 676c510..d74174a 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
+     ret->here = here;
+     ret->origin = origin;
+ 
+-    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+-	                 xmlXPtrRangeToFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ 	                 xmlXPtrRangeFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+  * @nargs:  the number of args
+  *
+  * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+  */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+-    xmlXPathObjectPtr range;
+-    const xmlChar *cur;
+-    xmlXPathObjectPtr res, obj;
+-    xmlXPathObjectPtr tmp;
+-    xmlLocationSetPtr newset = NULL;
+-    xmlNodeSetPtr oldset;
+-    int i;
+-
+-    if (ctxt == NULL) return;
+-    CHECK_ARITY(1);
+-    /*
+-     * Save the expression pointer since we will have to evaluate
+-     * it multiple times. Initialize the new set.
+-     */
+-    CHECK_TYPE(XPATH_NODESET);
+-    obj = valuePop(ctxt);
+-    oldset = obj->nodesetval;
+-    ctxt->context->node = NULL;
+-
+-    cur = ctxt->cur;
+-    newset = xmlXPtrLocationSetCreate(NULL);
+-
+-    for (i = 0; i < oldset->nodeNr; i++) {
+-	ctxt->cur = cur;
+-
+-	/*
+-	 * Run the evaluation with a node list made of a single item
+-	 * in the nodeset.
+-	 */
+-	ctxt->context->node = oldset->nodeTab[i];
+-	tmp = xmlXPathNewNodeSet(ctxt->context->node);
+-	valuePush(ctxt, tmp);
+-
+-	xmlXPathEvalExpr(ctxt);
+-	CHECK_ERROR;
+-
+-	/*
+-	 * The result of the evaluation need to be tested to
+-	 * decided whether the filter succeeded or not
+-	 */
+-	res = valuePop(ctxt);
+-	range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+-	if (range != NULL) {
+-	    xmlXPtrLocationSetAdd(newset, range);
+-	}
+-
+-	/*
+-	 * Cleanup
+-	 */
+-	if (res != NULL)
+-	    xmlXPathFreeObject(res);
+-	if (ctxt->value == tmp) {
+-	    res = valuePop(ctxt);
+-	    xmlXPathFreeObject(res);
+-	}
+-
+-	ctxt->context->node = NULL;
+-    }
+-
+-    /*
+-     * The result is used as the new evaluation set.
+-     */
+-    xmlXPathFreeObject(obj);
+-    ctxt->context->node = NULL;
+-    ctxt->context->contextSize = -1;
+-    ctxt->context->proximityPosition = -1;
+-    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++                       int nargs ATTRIBUTE_UNUSED) {
++    XP_ERROR(XPATH_EXPR_ERROR);
+ }
+ 
+ /**
+-- 
+cgit v0.12
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
new file mode 100644
index 00000000..d2a9c3e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
@@ -0,0 +1,50 @@
+From e905f08123e4a6e7731549e6f09dadff4cab65bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 26 Jun 2016 12:38:28 +0200
+Subject: Fix more NULL pointer derefs in xpointer.c
+
+Found with afl-fuzz.
+---
+ xpointer.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/xpointer.c b/xpointer.c
+index 694d120..e643ee9 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -542,7 +542,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ 	    /*
+ 	     * Empty set ...
+ 	     */
+-	    if (end->nodesetval->nodeNr <= 0)
++	    if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
+ 		return(NULL);
+ 	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+ 	    endIndex = -1;
+@@ -1361,7 +1361,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
+ 		     */
+ 		    xmlNodeSetPtr set;
+ 		    set = tmp->nodesetval;
+-		    if ((set->nodeNr != 1) ||
++		    if ((set == NULL) || (set->nodeNr != 1) ||
+ 			(set->nodeTab[0] != (xmlNodePtr) ctx->doc))
+ 			stack++;
+ 		} else
+@@ -2034,9 +2034,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+ 	xmlXPathFreeObject(set);
+         XP_ERROR(XPATH_MEMORY_ERROR);
+     }
+-    for (i = 0;i < oldset->locNr;i++) {
+-	xmlXPtrLocationSetAdd(newset,
+-		xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++    if (oldset != NULL) {
++        for (i = 0;i < oldset->locNr;i++) {
++            xmlXPtrLocationSetAdd(newset,
++                    xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++        }
+     }
+ 
+     /*
+-- 
+cgit v0.12
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
new file mode 100644
index 00000000..2484f76
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
@@ -0,0 +1,57 @@
+From d8083bf77955b7879c1290f0c0a24ab8cc70f7fb Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 25 Jun 2016 12:35:50 +0200
+Subject: Fix NULL pointer deref in XPointer range-to
+
+- Check for errors after evaluating first operand.
+- Add sanity check for empty stack.
+
+Found with afl-fuzz.
+---
+ result/XPath/xptr/viderror | 4 ++++
+ test/XPath/xptr/viderror   | 1 +
+ xpath.c                    | 7 ++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+ create mode 100644 result/XPath/xptr/viderror
+ create mode 100644 test/XPath/xptr/viderror
+
+diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
+new file mode 100644
+index 0000000..d589882
+--- /dev/null
++++ b/result/XPath/xptr/viderror
+@@ -0,0 +1,4 @@
++
++========================
++Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
++Object is empty (NULL)
+diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
+new file mode 100644
+index 0000000..da8c53b
+--- /dev/null
++++ b/test/XPath/xptr/viderror
+@@ -0,0 +1 @@
++xpointer(non-existing-fn()/range-to(id('chapter2')))
+diff --git a/xpath.c b/xpath.c
+index 113bce6..751665b 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
+                 xmlNodeSetPtr oldset;
+                 int i, j;
+ 
+-                if (op->ch1 != -1)
++                if (op->ch1 != -1) {
+                     total +=
+                         xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
++                    CHECK_ERROR0;
++                }
++                if (ctxt->value == NULL) {
++                    XP_ERROR0(XPATH_INVALID_OPERAND);
++                }
+                 if (op->ch2 == -1)
+                     return (total);
+ 
+-- 
+cgit v0.12
+

diff --git a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
new file mode 100644
index 00000000..642f22d
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
@@ -0,0 +1,220 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+	test? (
+		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+RDEPEND="
+	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+"
+DEPEND="${EDEPEND}
+	dev-util/gtk-doc-am
+	virtual/pkgconfig
+	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/xml2-config
+)
+
+src_unpack() {
+	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
+	unpack ${P/_rc/-rc}.tar.gz
+	cd "${S}"
+
+	if use test; then
+		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+			"${DISTDIR}/${XSTS_TARBALL_2}" \
+			"${S}"/xstc/ \
+			|| die "Failed to install test tarballs"
+		unpack ${XMLCONF_TARBALL}
+	fi
+}
+
+src_prepare() {
+	default
+
+	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+	# Patches needed for prefix support
+	eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+	# Fix build for Windows platform
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760456
+	eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+	# Disable programs that we don't actually install.
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760457
+	eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+	# Fix python detection, bug #567066
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760458
+	eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+	# Apply latest round of security patches wrt bugs 
+	# 589816, 597112, 597114, 597116.  This will be included
+	# in the next upstream release
+	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
+
+	# Avoid final linking arguments for python modules
+	if [[ ${CHOST} == *-darwin* ]] ; then
+		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+	fi
+
+	# Please do not remove, as else we get references to PORTAGE_TMPDIR
+	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+	# We now need to run eautoreconf at the end to prevent maintainer mode.
+#	elibtoolize
+#	epunt_cxx # if we don't eautoreconf
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# filter seemingly problematic CFLAGS (#26320)
+	filter-flags -fprefetch-loop-arrays -funroll-loops
+
+	# USE zlib support breaks gnome2
+	# (libgnomeprint for instance fails to compile with
+	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+	# The meaning of the 'debug' USE flag does not apply to the --with-debug
+	# switch (enabling the libxml2 debug module). See bug #100898.
+
+	# --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+	libxml2_configure() {
+		ECONF_SOURCE="${S}" econf \
+			--with-html-subdir=${PF}/html \
+			$(use_with debug run-debug) \
+			$(use_with icu) \
+			$(use_with lzma) \
+			$(use_enable ipv6) \
+			$(use_enable static-libs static) \
+			$(multilib_native_use_with readline) \
+			$(multilib_native_use_with readline history) \
+			"$@"
+	}
+
+	libxml2_py_configure() {
+		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+		run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
+	}
+
+	libxml2_configure --without-python # build python bindings separately
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_configure
+	fi
+}
+
+multilib_src_compile() {
+	default
+	if multilib_is_native_abi && use python; then
+		local native_builddir=${BUILD_DIR}
+		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+	fi
+}
+
+multilib_src_test() {
+	default
+	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" \
+		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_emake \
+			DESTDIR="${D}" \
+			docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+			install
+		python_foreach_impl python_optimize
+	fi
+}
+
+multilib_src_install_all() {
+	# on windows, xmllint is installed by interix libxml2 in parent prefix.
+	# this is the version to use. the native winnt version does not support
+	# symlinks, which makes repoman fail if the portage tree is linked in
+	# from another location (which is my default). -- mduft
+	if [[ ${CHOST} == *-winnt* ]]; then
+		rm -rf "${ED}"/usr/bin/xmllint
+		rm -rf "${ED}"/usr/bin/xmlcatalog
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/${P}
+	einstalldocs
+
+	if ! use examples; then
+		rm -rf "${ED}"/usr/share/doc/${PF}/examples
+		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+	if [[ "${ROOT}" != "/" ]]; then
+		elog "Skipping XML catalog creation for stage building (bug #208887)."
+	else
+		# need an XML catalog, so no-one writes to a non-existent one
+		CATALOG="${EROOT}etc/xml/catalog"
+
+		# we dont want to clobber an existing catalog though,
+		# only ensure that one is there
+		# <obz@gentoo.org>
+		if [[ ! -e ${CATALOG} ]]; then
+			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+			einfo "Created XML catalog in ${CATALOG}"
+		fi
+	fi
+}
+
+libxml2_py_emake() {
+	pushd "${BUILD_DIR}/python" > /dev/null || die
+	emake "$@"
+	popd > /dev/null
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Sam James]

commit:     719f8cddede04669939001c30524c53c141f79c4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 10 21:10:54 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 10 21:10:54 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=719f8cdd

dev-libs/libxml2: add 2.12.9

Bug: https://bugs.gentoo.org/943198
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch | 20 ++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.12.9.ebuild               |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/dev-libs/libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch b/dev-libs/libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch
new file mode 100644
index 000000000000..d00f37bfb681
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch
@@ -0,0 +1,20 @@
+Needed with icu-76.1 at least. Not clear why it worked before.
+
+/var/tmp/portage/dev-libs/libxml2-2.11.9/work/libxml2-2.11.9-abi_x86_32.x86/.libs/runtest:
+  symbol lookup error: /var/tmp/portage/dev-libs/libxml2-2.11.9/work/libxml2-2.11.9-abi_x86_32.x86/.libs/libxml2.so.2: undefined symbol: UCNV_FROM_U_CALLBACK_STOP
+--- a/configure.ac
++++ b/configure.ac
+@@ -1108,10 +1108,10 @@ if test "$with_icu" = "no" || test "$with_icu" = "" ; then
+ else
+     # Try pkg-config first so that static linking works.
+     # If this succeeeds, we ignore the WITH_ICU directory.
+-    PKG_CHECK_MODULES([ICU], [icu-i18n], [
+-        WITH_ICU=1; XML_PC_REQUIRES="${XML_PC_REQUIRES} icu-i18n"
++    PKG_CHECK_MODULES([ICU], [icu-uc icu-i18n], [
++        WITH_ICU=1; XML_PC_REQUIRES="${XML_PC_REQUIRES} icu-uc icu-i18n"
+         m4_ifdef([PKG_CHECK_VAR],
+-            [PKG_CHECK_VAR([ICU_DEFS], [icu-i18n], [DEFS])])
++            [PKG_CHECK_VAR([ICU_DEFS], [icu-uc icu-i18n], [DEFS])])
+         if test "x$ICU_DEFS" != "x"; then
+             ICU_CFLAGS="$ICU_CFLAGS $ICU_DEFS"
+         fi],[:])

diff --git a/dev-libs/libxml2/libxml2-2.12.9.ebuild b/dev-libs/libxml2/libxml2-2.12.9.ebuild
index 4b3f77ea7ca8..1f7c6270c0cd 100644
--- a/dev-libs/libxml2/libxml2-2.12.9.ebuild
+++ b/dev-libs/libxml2/libxml2-2.12.9.ebuild
@@ -61,7 +61,7 @@ MULTILIB_CHOST_TOOLS=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.9-icu-pkgconfig.patch
+	"${FILESDIR}"/${PN}-2.12.9-icu-pkgconfig.patch
 )
 
 src_unpack() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Sam James]

commit:     5d172c4f999dff461c5401bf97ba83f81390dc55
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  8 04:44:50 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct  8 04:48:09 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d172c4f

dev-libs/libxml2: fix CVE-2023-45322

Bug: https://bugs.gentoo.org/915351
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libxml2-2.11.5-CVE-2023-45322.patch      |  71 ++++++++
 dev-libs/libxml2/libxml2-2.11.5-r1.ebuild          | 200 +++++++++++++++++++++
 2 files changed, 271 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch b/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch
new file mode 100644
index 000000000000..190218be3a5e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch
@@ -0,0 +1,71 @@
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
+https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9
+https://bugs.gentoo.org/915351
+
+From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 23 Aug 2023 20:24:24 +0200
+Subject: [PATCH] tree: Fix copying of DTDs
+
+- Don't create multiple DTD nodes.
+- Fix UAF if malloc fails.
+- Skip DTD nodes if tree module is disabled.
+
+Fixes #583.
+--- a/tree.c
++++ b/tree.c
+@@ -4471,29 +4471,28 @@ xmlNodePtr
+ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
+     xmlNodePtr ret = NULL;
+     xmlNodePtr p = NULL,q;
++    xmlDtdPtr newSubset = NULL;
+ 
+     while (node != NULL) {
+-#ifdef LIBXML_TREE_ENABLED
+ 	if (node->type == XML_DTD_NODE ) {
+-	    if (doc == NULL) {
++#ifdef LIBXML_TREE_ENABLED
++	    if ((doc == NULL) || (doc->intSubset != NULL)) {
+ 		node = node->next;
+ 		continue;
+ 	    }
+-	    if (doc->intSubset == NULL) {
+-		q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
+-		if (q == NULL) goto error;
+-		q->doc = doc;
+-		q->parent = parent;
+-		doc->intSubset = (xmlDtdPtr) q;
+-		xmlAddChild(parent, q);
+-	    } else {
+-		q = (xmlNodePtr) doc->intSubset;
+-		xmlAddChild(parent, q);
+-	    }
+-	} else
++            q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
++            if (q == NULL) goto error;
++            q->doc = doc;
++            q->parent = parent;
++            newSubset = (xmlDtdPtr) q;
++#else
++            node = node->next;
++            continue;
+ #endif /* LIBXML_TREE_ENABLED */
++	} else {
+ 	    q = xmlStaticCopyNode(node, doc, parent, 1);
+-	if (q == NULL) goto error;
++	    if (q == NULL) goto error;
++        }
+ 	if (ret == NULL) {
+ 	    q->prev = NULL;
+ 	    ret = p = q;
+@@ -4505,6 +4504,8 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
+ 	}
+ 	node = node->next;
+     }
++    if (newSubset != NULL)
++        doc->intSubset = newSubset;
+     return(ret);
+ error:
+     xmlFreeNodeList(ret);
+-- 
+GitLab

diff --git a/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild b/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild
new file mode 100644
index 000000000000..ad027676e475
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Note: Please bump in sync with dev-libs/libxslt
+
+PYTHON_COMPAT=( python3_{10..12} )
+PYTHON_REQ_USE="xml(+)"
+inherit flag-o-matic python-r1 multilib-minimal
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20130923.tar.gz"
+
+DESCRIPTION="XML C parser and toolkit"
+HOMEPAGE="https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home"
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"
+	inherit autotools git-r3
+else
+	inherit gnome.org libtool
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+SRC_URI+="
+	test? (
+		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+		https://www.w3.org/XML/Test/${XMLCONF_TARBALL}
+	)
+"
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+LICENSE="MIT"
+SLOT="2"
+IUSE="debug examples +ftp icu lzma +python readline static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+	virtual/libiconv
+	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+	BDEPEND+=" dev-util/gtk-doc-am"
+fi
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/xml2-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.11.5-CVE-2023-45322.patch
+)
+
+src_unpack() {
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+	else
+		local tarname=${P/_rc/-rc}.tar.xz
+
+		# ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
+		# as they are needed as tarballs in ${S}/xstc instead and not unpacked
+		unpack ${tarname}
+
+		if [[ -n ${PATCHSET_VERSION} ]] ; then
+			unpack ${PN}-${PATCHSET_VERSION}.tar.xz
+		fi
+	fi
+
+	cd "${S}" || die
+
+	if use test ; then
+		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+			"${DISTDIR}/${XSTS_TARBALL_2}" \
+			"${S}"/xstc/ \
+			|| die "Failed to install test tarballs"
+		unpack ${XMLCONF_TARBALL}
+	fi
+}
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == 9999 ]] ; then
+		eautoreconf
+	else
+		# Please do not remove, as else we get references to PORTAGE_TMPDIR
+		# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+		elibtoolize
+	fi
+}
+
+multilib_src_configure() {
+	# Filter seemingly problematic CFLAGS (bug #26320)
+	filter-flags -fprefetch-loop-arrays -funroll-loops
+
+	# Notes:
+	# The meaning of the 'debug' USE flag does not apply to the --with-debug
+	# switch (enabling the libxml2 debug module). See bug #100898.
+	libxml2_configure() {
+		ECONF_SOURCE="${S}" econf \
+			--enable-ipv6 \
+			$(use_with ftp) \
+			$(use_with debug run-debug) \
+			$(use_with icu) \
+			$(use_with lzma) \
+			$(use_enable static-libs static) \
+			$(multilib_native_use_with readline) \
+			$(multilib_native_use_with readline history) \
+			"$@"
+	}
+
+	# Build python bindings separately
+	libxml2_configure --without-python
+
+	multilib_is_native_abi && use python &&
+		python_foreach_impl run_in_build_dir libxml2_configure --with-python
+}
+
+libxml2_py_emake() {
+	pushd "${BUILD_DIR}"/python >/dev/null || die
+
+	emake top_builddir="${NATIVE_BUILD_DIR}" "$@"
+
+	popd >/dev/null || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi && use python ; then
+		NATIVE_BUILD_DIR="${BUILD_DIR}"
+		python_foreach_impl run_in_build_dir libxml2_py_emake all
+	fi
+}
+
+multilib_src_test() {
+	ln -s "${S}"/xmlconf || die
+
+	emake check
+
+	multilib_is_native_abi && use python &&
+		python_foreach_impl run_in_build_dir libxml2_py_emake check
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	multilib_is_native_abi && use python &&
+		python_foreach_impl run_in_build_dir libxml2_py_emake DESTDIR="${D}" install
+
+	# Hack until automake release is made for the optimise fix
+	# https://git.savannah.gnu.org/cgit/automake.git/commit/?id=bde43d0481ff540418271ac37012a574a4fcf097
+	multilib_is_native_abi && use python && python_foreach_impl python_optimize
+}
+
+multilib_src_install_all() {
+	einstalldocs
+
+	if ! use examples ; then
+		rm -rf "${ED}"/usr/share/doc/${PF}/examples || die
+		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+	if [[ -n "${ROOT}" ]]; then
+		elog "Skipping XML catalog creation for stage building (bug #208887)."
+	else
+		# Need an XML catalog, so no-one writes to a non-existent one
+		CATALOG="${EROOT}/etc/xml/catalog"
+
+		# We don't want to clobber an existing catalog though,
+		# only ensure that one is there
+		# <obz@gentoo.org>
+		if [[ ! -e "${CATALOG}" ]]; then
+			[[ -d "${EROOT}/etc/xml" ]] || mkdir -p "${EROOT}/etc/xml"
+			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+			einfo "Created XML catalog in ${CATALOG}"
+		fi
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Sam James]

commit:     8bbbe5e4ec96f6c8b2d2858f9c23fa8a24a797f2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May  3 00:38:04 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May  3 00:39:01 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bbbe5e4

dev-libs/libxml2: add 2.9.14

Bug: https://bugs.gentoo.org/842261
Closes: https://bugs.gentoo.org/582130
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/libxml2/Manifest                          |  1 +
 .../files/libxml2-2.9.13-testapi-missing-xml.patch |  9 ----
 .../files/libxml2-2.9.8-out-of-tree-test.patch     | 31 +++++++++++++
 .../{libxml2-9999.ebuild => libxml2-2.9.14.ebuild} | 51 +++++++++++++---------
 dev-libs/libxml2/libxml2-9999.ebuild               | 51 +++++++++++++---------
 5 files changed, 92 insertions(+), 51 deletions(-)

diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index 09beb394762d..ff7171e5e024 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,5 +1,6 @@
 DIST libxml2-2.9.12-r5-patchset.tar.bz2 7231 BLAKE2B d9d0d56ebccbfe234a8af04cc5343c1a02d84fbd998c2373fd48be59cf92807a9417db650a6bb6ba309e101994c4ae2b28edda7bf635c7728eb8b8047d0d3391 SHA512 b2db0fe4595c1559d9f8dc836ee6eee469191f6c490fc95d25d9fa99a544e80858894cc35b6e4a6624a38d0309800540badc929e86ef29950c1107caa4656a14
 DIST libxml2-2.9.13.tar.xz 3243336 BLAKE2B 845a8283cf1ff9fd9f7926cfe0042c042a9de5ed184520d8057f7b33312687d5ff28abdf30dd2674795d78dc80326203a907f9e22cd261805309403ecdd585f5 SHA512 fc51980cb9222bd3b5242f73d28b55fa15a80e68e52e1c45274f1eda11500ed385853209edb3b2a1f06b9de0be304c159a9bd898c7d84b0899eacb00723d98b5
+DIST libxml2-2.9.14.tar.xz 3129968 BLAKE2B ab584503d5209e4aaf41ae6f44aed5e94c0ae29e28cfba39a9012568aa97515af861b47891b84d2a352a07357626ba50ddb1e344e911fa14ff2ce93c5beff1f1 SHA512 d08e6cafb289c499fdc5b3a12181e032a34f7a249bc66758859f964d3e71e19fd69be79921e1a9d8ab1e692d15b13f5fae95eeb10c3236974d89e218f5107606
 DIST xmlts20130923.tar.gz 641522 BLAKE2B 63a47bc69278ef510cd0b3779aed729e1b309e30efa0015d28ed051cc03f9dfddb447ab57b07b3393e8f47393d15473b0e199c34cb1f5f746b15ddfaa55670be SHA512 d5c4d26b324ed21f4e0641cd7f8b76dbf9de80df8b519982e44d41c960df29fd03618e02e9693b2d11ad06d19c4a965274c95a048ec3b9653eacb919a7f8b733
 DIST xsts-2002-01-16.tar.gz 6894439 BLAKE2B 1e9ec63d2c104655e64249e07440a04d862fcbcd4d4e19745d81b34994319b510a531c9d6df1491fae1e90b5d0764f0f1a827251ca8df5d613178b0eab01ef25 SHA512 43300af6d39c1e2221b0ed7318fe14c7464eeb6eb030ed1e22eb29b4ab17f014e2a4c8887c3a46ae5d243e3072da27f00f4e285498ae6f1288177d38d1108288
 DIST xsts-2004-01-14.tar.gz 2761085 BLAKE2B 41545995fb3a65d053257c376c07d45ffd1041a433bfbdb46d4dd87a5afb60c18c8629a3d988323f9e7a1d709775b5a7e5930276a7121c0725a22705c0976e36 SHA512 32854388d7e720ad67156baf50bf2bae7bd878ca3e35fd7e44e57cad3f434f69d56bbbedd61509f8a1faf01c9eae74a078df8fe130780b182c05c05cb1c39ebe

diff --git a/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
index adbb3db72a5a..fa8e3d392d18 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
@@ -6,12 +6,6 @@ Subject: [PATCH] testapi: remove leading slash from "/missing.xml"
 Fixes an error when running tests in a sandbox on Gentoo Linux.
 
 Bug: https://bugs.gentoo.org/839804
----
- testapi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/testapi.c b/testapi.c
-index d4258c43..c7a5b163 100644
 --- a/testapi.c
 +++ b/testapi.c
 @@ -442,7 +442,7 @@ static void des_eaten_name(int no ATTRIBUTE_UNUSED, xmlChar *val ATTRIBUTE_UNUSE
@@ -23,6 +17,3 @@ index d4258c43..c7a5b163 100644
      if (no == 1) return("<foo/>");
      if (no == 2) return(REMOTE2GOOD);
      if (no == 3) return(REMOTE1GOOD);
--- 
-2.35.1
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
new file mode 100644
index 000000000000..468214d0bd8b
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
@@ -0,0 +1,31 @@
+https://gitlab.gnome.org/GNOME/libxml2/merge_requests/14
+
+From 54878c018af979b20ca1bfbf12599973484cae5b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Thu, 3 Jan 2019 05:44:03 -0500
+Subject: [PATCH] fix reader5.py test when building out of tree
+
+When building out of tree, the relative path this test uses doesn't
+work.  Resolve the path relative to the test script itself instead.
+
+Url: https://bugs.gentoo.org/565576
+--- a/python/tests/reader5.py
++++ b/python/tests/reader5.py
+@@ -4,6 +4,7 @@
+ # this extract the Dragon bibliography entries from the XML specification
+ #
+ import libxml2
++import os
+ import sys
+ 
+ # Memory debug specific
+@@ -14,7 +15,8 @@ Ravi Sethi, and Jeffrey D. Ullman.
+ <emph>Compilers:  Principles, Techniques, and Tools</emph>.
+ Reading:  Addison-Wesley, 1986, rpt. corr. 1988.</bibl>"""
+ 
+-f = open('../../test/valid/REC-xml-19980210.xml', 'rb')
++basedir = os.path.dirname(os.path.realpath(__file__))
++f = open(os.path.join(basedir, '../../test/valid/REC-xml-19980210.xml'), 'rb')
+ input = libxml2.inputBuffer(f)
+ reader = input.newTextReader("REC")
+ res=""

diff --git a/dev-libs/libxml2/libxml2-9999.ebuild b/dev-libs/libxml2/libxml2-2.9.14.ebuild
similarity index 80%
copy from dev-libs/libxml2/libxml2-9999.ebuild
copy to dev-libs/libxml2/libxml2-2.9.14.ebuild
index 3ad0604b6f1e..847a7c331d40 100644
--- a/dev-libs/libxml2/libxml2-9999.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.14.ebuild
@@ -7,7 +7,7 @@ EAPI=8
 
 PYTHON_COMPAT=( python3_{8..10} )
 PYTHON_REQ_USE="xml"
-inherit autotools flag-o-matic python-r1 multilib-minimal
+inherit flag-o-matic python-r1 multilib-minimal
 
 XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
 XSTS_NAME_1="xmlschema2002-01-16"
@@ -20,10 +20,10 @@ DESCRIPTION="XML C parser and toolkit"
 HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2"
 if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"
-	inherit git-r3
+	inherit autotools git-r3
 else
-	inherit gnome.org
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	inherit gnome.org libtool
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 fi
 
 SRC_URI+="
@@ -40,18 +40,17 @@ IUSE="debug examples icu lzma +python readline static-libs test"
 RESTRICT="!test? ( test )"
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 
-BDEPEND="
-	dev-util/gtk-doc-am
-	virtual/pkgconfig
-"
-RDEPEND="
-	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+RDEPEND=">=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
 	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
 	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
 	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-"
+	readline? ( sys-libs/readline:= )"
 DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+	BDEPEND+=" dev-util/gtk-doc-am"
+fi
 
 MULTILIB_CHOST_TOOLS=(
 	/usr/bin/xml2-config
@@ -59,6 +58,10 @@ MULTILIB_CHOST_TOOLS=(
 
 DOCS=( NEWS README.md TODO TODO_SCHEMAS python/TODO )
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+)
+
 src_unpack() {
 	if [[ ${PV} == 9999 ]] ; then
 		git-r3_src_unpack
@@ -67,7 +70,11 @@ src_unpack() {
 
 		# ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
 		# as they are needed as tarballs in ${S}/xstc instead and not unpacked
-		unpack ${tarname} ${PN}-${PATCHSET_VERSION}.tar.bz2
+		unpack ${tarname}
+
+		if [[ -n ${PATCHSET_VERSION} ]] ; then
+			unpack ${PN}-${PATCHSET_VERSION}.tar.bz2
+		fi
 	fi
 
 	cd "${S}" || die
@@ -84,22 +91,22 @@ src_unpack() {
 src_prepare() {
 	default
 
-	# Please do not remove, as else we get references to PORTAGE_TMPDIR
-	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
-	# We now need to run eautoreconf at the end to prevent maintainer mode.
-	#elibtoolize
-	# Needed for https://gitlab.gnome.org/GNOME/libxml2/-/issues/338 too in 2.9.13
-	eautoreconf
+	if [[ ${PV} == 9999 ]] ; then
+		eautoreconf
+	else
+		# Please do not remove, as else we get references to PORTAGE_TMPDIR
+		# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+		elibtoolize
+	fi
 }
 
 multilib_src_configure() {
-	# Filter seemingly problematic CFLAGS (#26320)
+	# Filter seemingly problematic CFLAGS (bug #26320)
 	filter-flags -fprefetch-loop-arrays -funroll-loops
 
 	# Notes:
 	# The meaning of the 'debug' USE flag does not apply to the --with-debug
 	# switch (enabling the libxml2 debug module). See bug #100898.
-
 	libxml2_configure() {
 		ECONF_SOURCE="${S}" econf \
 			--enable-ipv6 \
@@ -160,6 +167,8 @@ multilib_src_install_all() {
 		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
 	fi
 
+	rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
 	find "${ED}" -name '*.la' -delete || die
 }
 

diff --git a/dev-libs/libxml2/libxml2-9999.ebuild b/dev-libs/libxml2/libxml2-9999.ebuild
index 3ad0604b6f1e..847a7c331d40 100644
--- a/dev-libs/libxml2/libxml2-9999.ebuild
+++ b/dev-libs/libxml2/libxml2-9999.ebuild
@@ -7,7 +7,7 @@ EAPI=8
 
 PYTHON_COMPAT=( python3_{8..10} )
 PYTHON_REQ_USE="xml"
-inherit autotools flag-o-matic python-r1 multilib-minimal
+inherit flag-o-matic python-r1 multilib-minimal
 
 XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
 XSTS_NAME_1="xmlschema2002-01-16"
@@ -20,10 +20,10 @@ DESCRIPTION="XML C parser and toolkit"
 HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2"
 if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"
-	inherit git-r3
+	inherit autotools git-r3
 else
-	inherit gnome.org
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	inherit gnome.org libtool
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 fi
 
 SRC_URI+="
@@ -40,18 +40,17 @@ IUSE="debug examples icu lzma +python readline static-libs test"
 RESTRICT="!test? ( test )"
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 
-BDEPEND="
-	dev-util/gtk-doc-am
-	virtual/pkgconfig
-"
-RDEPEND="
-	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+RDEPEND=">=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
 	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
 	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
 	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-"
+	readline? ( sys-libs/readline:= )"
 DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+	BDEPEND+=" dev-util/gtk-doc-am"
+fi
 
 MULTILIB_CHOST_TOOLS=(
 	/usr/bin/xml2-config
@@ -59,6 +58,10 @@ MULTILIB_CHOST_TOOLS=(
 
 DOCS=( NEWS README.md TODO TODO_SCHEMAS python/TODO )
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+)
+
 src_unpack() {
 	if [[ ${PV} == 9999 ]] ; then
 		git-r3_src_unpack
@@ -67,7 +70,11 @@ src_unpack() {
 
 		# ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
 		# as they are needed as tarballs in ${S}/xstc instead and not unpacked
-		unpack ${tarname} ${PN}-${PATCHSET_VERSION}.tar.bz2
+		unpack ${tarname}
+
+		if [[ -n ${PATCHSET_VERSION} ]] ; then
+			unpack ${PN}-${PATCHSET_VERSION}.tar.bz2
+		fi
 	fi
 
 	cd "${S}" || die
@@ -84,22 +91,22 @@ src_unpack() {
 src_prepare() {
 	default
 
-	# Please do not remove, as else we get references to PORTAGE_TMPDIR
-	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
-	# We now need to run eautoreconf at the end to prevent maintainer mode.
-	#elibtoolize
-	# Needed for https://gitlab.gnome.org/GNOME/libxml2/-/issues/338 too in 2.9.13
-	eautoreconf
+	if [[ ${PV} == 9999 ]] ; then
+		eautoreconf
+	else
+		# Please do not remove, as else we get references to PORTAGE_TMPDIR
+		# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+		elibtoolize
+	fi
 }
 
 multilib_src_configure() {
-	# Filter seemingly problematic CFLAGS (#26320)
+	# Filter seemingly problematic CFLAGS (bug #26320)
 	filter-flags -fprefetch-loop-arrays -funroll-loops
 
 	# Notes:
 	# The meaning of the 'debug' USE flag does not apply to the --with-debug
 	# switch (enabling the libxml2 debug module). See bug #100898.
-
 	libxml2_configure() {
 		ECONF_SOURCE="${S}" econf \
 			--enable-ipv6 \
@@ -160,6 +167,8 @@ multilib_src_install_all() {
 		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
 	fi
 
+	rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
 	find "${ED}" -name '*.la' -delete || die
 }
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Mike Gilbert]

commit:     1962521dfb13aae2f73a0fddaba1c0a68e5b5670
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 23 00:27:27 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Apr 23 00:27:27 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1962521d

dev-libs/libxml2: avoid creating /missing.xml in tests

Closes: https://bugs.gentoo.org/839804
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/libxml2-2.9.13-testapi-missing-xml.patch | 28 ++++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.9.13-r1.ebuild          |  3 +++
 2 files changed, 31 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
new file mode 100644
index 000000000000..adbb3db72a5a
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
@@ -0,0 +1,28 @@
+From b31e07dbf40c3998dd466829e818f5870296272d Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 22 Apr 2022 20:14:05 -0400
+Subject: [PATCH] testapi: remove leading slash from "/missing.xml"
+
+Fixes an error when running tests in a sandbox on Gentoo Linux.
+
+Bug: https://bugs.gentoo.org/839804
+---
+ testapi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/testapi.c b/testapi.c
+index d4258c43..c7a5b163 100644
+--- a/testapi.c
++++ b/testapi.c
+@@ -442,7 +442,7 @@ static void des_eaten_name(int no ATTRIBUTE_UNUSED, xmlChar *val ATTRIBUTE_UNUSE
+ #define gen_nb_fileoutput 6
+ 
+ static const char *gen_fileoutput(int no, int nr ATTRIBUTE_UNUSED) {
+-    if (no == 0) return("/missing.xml");
++    if (no == 0) return("missing.xml");
+     if (no == 1) return("<foo/>");
+     if (no == 2) return(REMOTE2GOOD);
+     if (no == 3) return(REMOTE1GOOD);
+-- 
+2.35.1
+

diff --git a/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild
index 3378e7fad44d..82dfa95b7b2f 100644
--- a/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild
@@ -77,6 +77,9 @@ PATCHES=(
 
 	# Don't bother copying Python's libraries (bug #798942)
 	"${WORKDIR}"/${PN}-2.9.12-dont-copy-python-ldflags.patch
+
+	# https://bugs.gentoo.org/839804
+	"${FILESDIR}"/libxml2-2.9.13-testapi-missing-xml.patch
 )
 
 src_unpack() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Sam James]

commit:     cf3128be852f26ac32c5dd67e904012b094b9496
Author:     Benjamin Gordon <bmgordon <AT> chromium <DOT> org>
AuthorDate: Fri Mar  5 16:25:29 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 11 17:47:44 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf3128be

dev-libs/libxml2: Add upstream patch for xmllint

This fixes an out-of-bounds read in xmllint when built with icu.  See
CVE-2020-24977 and https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
for more info.

Signed-off-by: Benjamin Gordon <bmgordon <AT> chromium.org>
Bug: https://bugs.gentoo.org/749849
Closes: https://github.com/gentoo/gentoo/pull/19835
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libxml2-2.9.10-xmllint-utf8.patch        | 36 ++++++++++++++++++++++
 ...2-2.9.10-r4.ebuild => libxml2-2.9.10-r5.ebuild} |  3 ++
 2 files changed, 39 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
new file mode 100644
index 00000000000..7807b32cce5
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
@@ -0,0 +1,36 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+---
+ xmllint.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+     char *result;
+ 
++    /*
++     * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++     * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++     * an out-of-bounds read.
++     */
++    memset(&buffer[sizeof(buffer)-4], 0, 4);
+     result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+     if (result) {
+ 	xmlGenericError(xmlGenericErrorContext, "%s", result);
+-- 
+GitLab
+

diff --git a/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
similarity index 98%
rename from dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
rename to dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
index 9db3902e430..1e48320e3fd 100644
--- a/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
@@ -92,6 +92,9 @@ src_prepare() {
 	# bug #745162
 	eapply "${FILESDIR}"/${PN}-2.9.8-python3-unicode-errors.patch
 
+	# https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
+	eapply "${FILESDIR}"/${PN}-2.9.10-xmllint-utf8.patch
+
 	if [[ ${CHOST} == *-darwin* ]] ; then
 		# Avoid final linking arguments for python modules
 		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Sam James]

commit:     3c89772e764f988c990d87a3fd3428894317512e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 11 17:30:06 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 11 17:47:45 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c89772e

dev-libs/libxml2: split CVE patch into new revbump (2.9.10-r5), restore old

Bug: https://bugs.gentoo.org/749849
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch               | 2 ++
 .../libxml2/{libxml2-2.9.10-r5.ebuild => libxml2-2.9.10-r4.ebuild}     | 3 ---
 dev-libs/libxml2/libxml2-2.9.10-r5.ebuild                              | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
index 7807b32cce5..179f3a8c384 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
@@ -1,3 +1,5 @@
+https://bugs.gentoo.org/749849
+
 From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Fri, 7 Aug 2020 21:54:27 +0200

diff --git a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild b/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
similarity index 98%
copy from dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
copy to dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
index 1e48320e3fd..9db3902e430 100644
--- a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
@@ -92,9 +92,6 @@ src_prepare() {
 	# bug #745162
 	eapply "${FILESDIR}"/${PN}-2.9.8-python3-unicode-errors.patch
 
-	# https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
-	eapply "${FILESDIR}"/${PN}-2.9.10-xmllint-utf8.patch
-
 	if [[ ${CHOST} == *-darwin* ]] ; then
 		# Avoid final linking arguments for python modules
 		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die

diff --git a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
index 1e48320e3fd..cc5323b91d7 100644
--- a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
@@ -13,7 +13,7 @@ HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2"
 
 LICENSE="MIT"
 SLOT="2"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="debug examples icu ipv6 lzma +python readline static-libs test"
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Mike Frysinger]

commit:     c00985c576a4af05b6cc871fe63f93a6537bb20e
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Jan  3 10:52:31 2019 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan  3 10:54:21 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c00985c5

dev-libs/libxml2: fix reader5.py test #565576

Closes: https://bugs.gentoo.org/565576
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .../files/libxml2-2.9.8-out-of-tree-test.patch     | 40 ++++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.9.8.ebuild              |  3 ++
 2 files changed, 43 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
new file mode 100644
index 00000000000..fcc441d05de
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
@@ -0,0 +1,40 @@
+https://gitlab.gnome.org/GNOME/libxml2/merge_requests/14
+
+From 54878c018af979b20ca1bfbf12599973484cae5b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Thu, 3 Jan 2019 05:44:03 -0500
+Subject: [PATCH] fix reader5.py test when building out of tree
+
+When building out of tree, the relative path this test uses doesn't
+work.  Resolve the path relative to the test script itself instead.
+
+Url: https://bugs.gentoo.org/565576
+---
+ python/tests/reader5.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/python/tests/reader5.py b/python/tests/reader5.py
+index 82d0daea474a..da5355ffc4c6 100755
+--- a/python/tests/reader5.py
++++ b/python/tests/reader5.py
+@@ -4,6 +4,7 @@
+ # this extract the Dragon bibliography entries from the XML specification
+ #
+ import libxml2
++import os
+ import sys
+ 
+ # Memory debug specific
+@@ -14,7 +15,8 @@ Ravi Sethi, and Jeffrey D. Ullman.
+ <emph>Compilers:  Principles, Techniques, and Tools</emph>.
+ Reading:  Addison-Wesley, 1986, rpt. corr. 1988.</bibl>"""
+ 
+-f = open('../../test/valid/REC-xml-19980210.xml', 'rb')
++basedir = os.path.dirname(os.path.realpath(__file__))
++f = open(os.path.join(basedir, '../../test/valid/REC-xml-19980210.xml'), 'rb')
+ input = libxml2.inputBuffer(f)
+ reader = input.newTextReader("REC")
+ res=""
+-- 
+2.19.1
+

diff --git a/dev-libs/libxml2/libxml2-2.9.8.ebuild b/dev-libs/libxml2/libxml2-2.9.8.ebuild
index 1917e19e628..fbb37285cb7 100644
--- a/dev-libs/libxml2/libxml2-2.9.8.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.8.ebuild
@@ -81,6 +81,9 @@ src_prepare() {
 	# https://bugzilla.gnome.org/show_bug.cgi?id=760458
 	eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
 
+	# Fix python tests when building out of tree #565576
+	eapply "${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+
 	if [[ ${CHOST} == *-darwin* ]] ; then
 		# Avoid final linking arguments for python modules
 		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Mart Raudsepp]

commit:     783baf3271249d8e234cd806650191181ef03c9c
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  2 14:32:11 2018 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Fri Mar  2 16:08:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=783baf32

dev-libs/libxml2: security cleanup

Bug: https://bugs.gentoo.org/644574
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/libxml2/Manifest                          |   1 -
 .../files/libxml2-2.9.2-disable-tests.patch        |  68 ------
 .../files/libxml2-2.9.4-CVE-2016-4658.patch        | 249 ---------------------
 .../files/libxml2-2.9.4-CVE-2016-5131.patch        | 174 --------------
 .../libxml2/files/libxml2-2.9.4-nullptrderef.patch |  50 -----
 .../files/libxml2-2.9.4-nullptrderef2.patch        |  57 -----
 dev-libs/libxml2/libxml2-2.9.4-r1.ebuild           | 220 ------------------
 7 files changed, 819 deletions(-)

diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index a4a9a1eed8c..97855caaa55 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,4 +1,3 @@
-DIST libxml2-2.9.4.tar.gz 5374830 BLAKE2B eb0df2310a7a92084475ccd9bf538cc1c85861b2a8c766e91267b671c18eae3113016abd7bb198b6a239230cb2b9b908b9618fec11d36db10fd5cf6eac03ad3f SHA512 f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9
 DIST libxml2-2.9.6.tar.gz 5469624 BLAKE2B cb8fc74044876b2ddf9742a4a84d685ce6cd1e41a991ee79fd70a9175c54d2a9a3d3a2c3229a4ce177fcd4e30b0cee08c7cf3a36fef68b179db0ce521fbbf3b0 SHA512 5ef80f895374bd5dd3bcd5f00c715795f026bf45d998f8f762c0cdb739b8755e01de40cf853d98a3826eacef95c4adebe4777db11020e8d98d0bda921f55a0ed
 DIST libxml2-2.9.7.tar.gz 5467389 BLAKE2B e15082fb87fb41a7aab6f39120b1d1bbd0325af8009bb3b74c69a98bf7347a39f59055762df157dcf223a79ac84f17535cb40af0a9a461ee3d2c1d55f4832e1b SHA512 da06cb7c5032ef4b7c8e902fabb9d2c74634c42c161be07a7c66a00d53a68029f89b0d4de32a6b9d4ff338c2d1d9c4e53aefb9cf50cb1c2d6c6b06b442ef42d5
 DIST xmlts20080827.tar.gz 638940 BLAKE2B c5aab959c6e0698acd5b9be82b48a8ac26f4d01cc03f9acfff20d344f97f4711fc6d4a524ae70457147e8e30c72e27b6726829e1dd21896286aa974ed60774e7 SHA512 7325d0977c4427fc4944b291ccf896a665f654cc24399e5565c12a849c2bc3aef4fa3ee42a09ac115abcb6570c51a8fbd052c38d64d164279ecdecad5a4e884d

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
deleted file mode 100644
index a231269b4b8..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-do not build test programs as we don't install them
-
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -10,7 +10,7 @@
- 
- AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS) $(LZMA_CFLAGS)
- 
--noinst_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
-+check_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
-                 testThreads testC14N testAutomata testRegexp \
-                 testReader testapi testModule runtest runsuite testchar \
- 		testdict runxmlconf testrecurse testlimits
-@@ -170,7 +170,7 @@
- testModule_DEPENDENCIES = $(DEPS)
- testModule_LDADD= $(LDADDS)
- 
--noinst_LTLIBRARIES = testdso.la
-+check_LTLIBRARIES = testdso.la
- testdso_la_SOURCES = testdso.c
- testdso_la_LDFLAGS = -module -no-undefined -avoid-version -rpath $(libdir)
- 
-@@ -202,7 +202,7 @@ runxmlconf_LDADD= $(LDADDS)
- #testOOM_DEPENDENCIES = $(DEPS)
- #testOOM_LDADD= $(LDADDS)
- 
--runtests:
-+runtests: $(check_PROGRAMS)
- 	[ -d test   ] || $(LN_S) $(srcdir)/test   .
- 	[ -d result ] || $(LN_S) $(srcdir)/result .
- 	$(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
---- a/doc/examples/Makefile.am
-+++ b/doc/examples/Makefile.am
-@@ -13,7 +13,7 @@
- rebuild: examples.xml index.html
- .PHONY: rebuild
- 
--examples.xml: index.py $(noinst_PROGRAMS:=.c)
-+examples.xml: index.py $(check_PROGRAMS:=.c)
- 	cd $(srcdir) && $(PYTHON) index.py
- 	$(MAKE) Makefile
- 
-@@ -49,7 +49,7 @@
- 	xpath1.res \
- 	xpath2.res
- 
--noinst_PROGRAMS = \
-+check_PROGRAMS = \
- 	io1 \
- 	io2 \
- 	parse1 \
-@@ -99,7 +99,7 @@
- valgrind: 
- 	$(MAKE) CHECKER='valgrind' tests
- 
--tests: $(noinst_PROGRAMS)
-+tests: $(check_PROGRAMS)
- 	test -f Makefile.am || test -f test1.xml || $(LN_S) $(srcdir)/test?.xml .
- 	@(echo '## examples regression tests')
- 	@(echo > .memdump)
---- a/example/Makefile.am
-+++ b/example/Makefile.am
-@@ -1,4 +1,4 @@
--noinst_PROGRAMS	= gjobread
-+check_PROGRAMS	= gjobread
- 
- AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/include
- AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
deleted file mode 100644
index 2ef22ce7a0d..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
+++ /dev/null
@@ -1,249 +0,0 @@
-From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 18:34:52 +0200
-Subject: Disallow namespace nodes in XPointer ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-4658.
----
- xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
- 1 file changed, 56 insertions(+), 93 deletions(-)
-
-diff --git a/xpointer.c b/xpointer.c
-index a7b03fb..694d120 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
- 
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start:  the starting node
-+ * @startindex:  the start index
-+ * @end:  the ending point
-+ * @endindex:  the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+                        xmlNodePtr end, int endindex) {
-+    xmlXPathObjectPtr ret;
-+
-+    /*
-+     * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+     * Disallow them for now.
-+     */
-+    if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+	return(NULL);
-+    if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+	return(NULL);
-+
-+    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+    if (ret == NULL) {
-+        xmlXPtrErrMemory("allocating range");
-+	return(NULL);
-+    }
-+    memset(ret, 0, sizeof(xmlXPathObject));
-+    ret->type = XPATH_RANGE;
-+    ret->user = start;
-+    ret->index = startindex;
-+    ret->user2 = end;
-+    ret->index2 = endindex;
-+    return(ret);
-+}
-+
-+/**
-  * xmlXPtrNewRange:
-  * @start:  the starting node
-  * @startindex:  the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
-     if (endindex < 0)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = startindex;
--    ret->user2 = end;
--    ret->index2 = endindex;
-+    ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
-     if (end->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start->user;
--    ret->index = start->index;
--    ret->user2 = end->user;
--    ret->index2 = end->index;
-+    ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+                                  end->index);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
-     if (start->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start->user;
--    ret->index = start->index;
--    ret->user2 = end;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
-     if (end->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = end->user;
--    ret->index2 = end->index;
-+    ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
-     if (end == NULL)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = end;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
-     if (start == NULL)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = NULL;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
-     return(ret);
- }
- 
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
-  */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+    xmlNodePtr endNode;
-+    int endIndex;
-     xmlXPathObjectPtr ret;
- 
-     if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	return(NULL);
-     switch (end->type) {
- 	case XPATH_POINT:
-+	    endNode = end->user;
-+	    endIndex = end->index;
-+	    break;
- 	case XPATH_RANGE:
-+	    endNode = end->user2;
-+	    endIndex = end->index2;
- 	    break;
- 	case XPATH_NODESET:
- 	    /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	     */
- 	    if (end->nodesetval->nodeNr <= 0)
- 		return(NULL);
-+	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+	    endIndex = -1;
- 	    break;
- 	default:
- 	    /* TODO */
- 	    return(NULL);
-     }
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    switch (end->type) {
--	case XPATH_POINT:
--	    ret->user2 = end->user;
--	    ret->index2 = end->index;
--	    break;
--	case XPATH_RANGE:
--	    ret->user2 = end->user2;
--	    ret->index2 = end->index2;
--	    break;
--	case XPATH_NODESET: {
--	    ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
--	    ret->index2 = -1;
--	    break;
--	}
--	default:
--	    STRANGE
--	    return(NULL);
--    }
-+    ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
--- 
-cgit v0.12
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
deleted file mode 100644
index 9ce3fb9d871..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase   |  1 +
- xpath.c                   |  7 ++++-
- xpointer.c                | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
-   To node
-     ELEMENT p
- 
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 :   Object is a range :
-+  From node
-+     /
-+  To node
-+    ELEMENT chapter
-+      ATTRIBUTE id
-+        TEXT
-+          content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- 		    lc = 1;
- 		    break;
- 		} else if ((NXT(len) == '(')) {
--		    /* Note Type or Function */
-+		    /* Node Type or Function */
- 		    if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- 		        xmlGenericError(xmlGenericErrorContext,
- 				"PathExpr: Type search\n");
- #endif
- 			lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+                    } else if (ctxt->xptr &&
-+                               xmlStrEqual(name, BAD_CAST "range-to")) {
-+                        lc = 1;
-+#endif
- 		    } else {
- #ifdef DEBUG_STEP
- 		        xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
-     ret->here = here;
-     ret->origin = origin;
- 
--    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
--	                 xmlXPtrRangeToFunction);
-     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- 	                 xmlXPtrRangeFunction);
-     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-  * @nargs:  the number of args
-  *
-  * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
-  */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
--    xmlXPathObjectPtr range;
--    const xmlChar *cur;
--    xmlXPathObjectPtr res, obj;
--    xmlXPathObjectPtr tmp;
--    xmlLocationSetPtr newset = NULL;
--    xmlNodeSetPtr oldset;
--    int i;
--
--    if (ctxt == NULL) return;
--    CHECK_ARITY(1);
--    /*
--     * Save the expression pointer since we will have to evaluate
--     * it multiple times. Initialize the new set.
--     */
--    CHECK_TYPE(XPATH_NODESET);
--    obj = valuePop(ctxt);
--    oldset = obj->nodesetval;
--    ctxt->context->node = NULL;
--
--    cur = ctxt->cur;
--    newset = xmlXPtrLocationSetCreate(NULL);
--
--    for (i = 0; i < oldset->nodeNr; i++) {
--	ctxt->cur = cur;
--
--	/*
--	 * Run the evaluation with a node list made of a single item
--	 * in the nodeset.
--	 */
--	ctxt->context->node = oldset->nodeTab[i];
--	tmp = xmlXPathNewNodeSet(ctxt->context->node);
--	valuePush(ctxt, tmp);
--
--	xmlXPathEvalExpr(ctxt);
--	CHECK_ERROR;
--
--	/*
--	 * The result of the evaluation need to be tested to
--	 * decided whether the filter succeeded or not
--	 */
--	res = valuePop(ctxt);
--	range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
--	if (range != NULL) {
--	    xmlXPtrLocationSetAdd(newset, range);
--	}
--
--	/*
--	 * Cleanup
--	 */
--	if (res != NULL)
--	    xmlXPathFreeObject(res);
--	if (ctxt->value == tmp) {
--	    res = valuePop(ctxt);
--	    xmlXPathFreeObject(res);
--	}
--
--	ctxt->context->node = NULL;
--    }
--
--    /*
--     * The result is used as the new evaluation set.
--     */
--    xmlXPathFreeObject(obj);
--    ctxt->context->node = NULL;
--    ctxt->context->contextSize = -1;
--    ctxt->context->proximityPosition = -1;
--    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+                       int nargs ATTRIBUTE_UNUSED) {
-+    XP_ERROR(XPATH_EXPR_ERROR);
- }
- 
- /**
--- 
-cgit v0.12
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
deleted file mode 100644
index d2a9c3e2add..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From e905f08123e4a6e7731549e6f09dadff4cab65bd Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sun, 26 Jun 2016 12:38:28 +0200
-Subject: Fix more NULL pointer derefs in xpointer.c
-
-Found with afl-fuzz.
----
- xpointer.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/xpointer.c b/xpointer.c
-index 694d120..e643ee9 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -542,7 +542,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	    /*
- 	     * Empty set ...
- 	     */
--	    if (end->nodesetval->nodeNr <= 0)
-+	    if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- 		return(NULL);
- 	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
- 	    endIndex = -1;
-@@ -1361,7 +1361,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- 		     */
- 		    xmlNodeSetPtr set;
- 		    set = tmp->nodesetval;
--		    if ((set->nodeNr != 1) ||
-+		    if ((set == NULL) || (set->nodeNr != 1) ||
- 			(set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- 			stack++;
- 		} else
-@@ -2034,9 +2034,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- 	xmlXPathFreeObject(set);
-         XP_ERROR(XPATH_MEMORY_ERROR);
-     }
--    for (i = 0;i < oldset->locNr;i++) {
--	xmlXPtrLocationSetAdd(newset,
--		xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+    if (oldset != NULL) {
-+        for (i = 0;i < oldset->locNr;i++) {
-+            xmlXPtrLocationSetAdd(newset,
-+                    xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+        }
-     }
- 
-     /*
--- 
-cgit v0.12
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
deleted file mode 100644
index 2484f76e7b0..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From d8083bf77955b7879c1290f0c0a24ab8cc70f7fb Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sat, 25 Jun 2016 12:35:50 +0200
-Subject: Fix NULL pointer deref in XPointer range-to
-
-- Check for errors after evaluating first operand.
-- Add sanity check for empty stack.
-
-Found with afl-fuzz.
----
- result/XPath/xptr/viderror | 4 ++++
- test/XPath/xptr/viderror   | 1 +
- xpath.c                    | 7 ++++++-
- 3 files changed, 11 insertions(+), 1 deletion(-)
- create mode 100644 result/XPath/xptr/viderror
- create mode 100644 test/XPath/xptr/viderror
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..751665b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
-                 xmlNodeSetPtr oldset;
-                 int i, j;
- 
--                if (op->ch1 != -1)
-+                if (op->ch1 != -1) {
-                     total +=
-                         xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+                    CHECK_ERROR0;
-+                }
-+                if (ctxt->value == NULL) {
-+                    XP_ERROR0(XPATH_INVALID_OPERAND);
-+                }
-                 if (op->ch2 == -1)
-                     return (total);
- 
--- 
-cgit v0.12
-

diff --git a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
deleted file mode 100644
index 8df1fd22c8e..00000000000
--- a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
+++ /dev/null
@@ -1,220 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-PYTHON_REQ_USE="xml"
-
-inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal
-
-DESCRIPTION="Version 2 of the library to manipulate XML files"
-HOMEPAGE="http://www.xmlsoft.org/"
-
-LICENSE="MIT"
-SLOT="2"
-KEYWORDS="arm64 m68k s390 sh"
-IUSE="debug examples icu ipv6 lzma python readline static-libs test"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
-XSTS_NAME_1="xmlschema2002-01-16"
-XSTS_NAME_2="xmlschema2004-01-14"
-XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
-XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
-XMLCONF_TARBALL="xmlts20080827.tar.gz"
-
-SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
-	test? (
-		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
-		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
-		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
-
-RDEPEND="
-	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
-	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-"
-DEPEND="${RDEPEND}
-	dev-util/gtk-doc-am
-	virtual/pkgconfig
-	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
-"
-
-S="${WORKDIR}/${PN}-${PV%_rc*}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/xml2-config
-)
-
-src_unpack() {
-	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
-	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
-	unpack ${P/_rc/-rc}.tar.gz
-	cd "${S}" || die
-
-	if use test; then
-		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
-			"${DISTDIR}/${XSTS_TARBALL_2}" \
-			"${S}"/xstc/ \
-			|| die "Failed to install test tarballs"
-		unpack ${XMLCONF_TARBALL}
-	fi
-}
-
-src_prepare() {
-	default
-
-	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
-
-	# Patches needed for prefix support
-	eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
-
-	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
-
-	# Fix build for Windows platform
-	# https://bugzilla.gnome.org/show_bug.cgi?id=760456
-	eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
-
-	# Disable programs that we don't actually install.
-	# https://bugzilla.gnome.org/show_bug.cgi?id=760457
-	eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
-
-	# Fix python detection, bug #567066
-	# https://bugzilla.gnome.org/show_bug.cgi?id=760458
-	eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
-
-	# Apply latest round of security patches wrt bugs 
-	# 589816, 597112, 597114, 597116.  This will be included
-	# in the next upstream release
-	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
-	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
-	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
-	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
-
-	# Avoid final linking arguments for python modules
-	if [[ ${CHOST} == *-darwin* ]] ; then
-		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
-	fi
-
-	# Please do not remove, as else we get references to PORTAGE_TMPDIR
-	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
-	# We now need to run eautoreconf at the end to prevent maintainer mode.
-#	elibtoolize
-#	epunt_cxx # if we don't eautoreconf
-
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# filter seemingly problematic CFLAGS (#26320)
-	filter-flags -fprefetch-loop-arrays -funroll-loops
-
-	# USE zlib support breaks gnome2
-	# (libgnomeprint for instance fails to compile with
-	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
-
-	# The meaning of the 'debug' USE flag does not apply to the --with-debug
-	# switch (enabling the libxml2 debug module). See bug #100898.
-
-	# --with-mem-debug causes unusual segmentation faults (bug #105120).
-
-	libxml2_configure() {
-		ECONF_SOURCE="${S}" econf \
-			--with-html-subdir=${PF}/html \
-			$(use_with debug run-debug) \
-			$(use_with icu) \
-			$(use_with lzma) \
-			$(use_enable ipv6) \
-			$(use_enable static-libs static) \
-			$(multilib_native_use_with readline) \
-			$(multilib_native_use_with readline history) \
-			"$@"
-	}
-
-	libxml2_py_configure() {
-		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
-		run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
-	}
-
-	libxml2_configure --without-python # build python bindings separately
-
-	if multilib_is_native_abi && use python; then
-		python_foreach_impl libxml2_py_configure
-	fi
-}
-
-multilib_src_compile() {
-	default
-	if multilib_is_native_abi && use python; then
-		local native_builddir=${BUILD_DIR}
-		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
-	fi
-}
-
-multilib_src_test() {
-	default
-	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" \
-		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
-
-	if multilib_is_native_abi && use python; then
-		python_foreach_impl libxml2_py_emake \
-			DESTDIR="${D}" \
-			docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
-			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
-			install
-		python_foreach_impl python_optimize
-	fi
-}
-
-multilib_src_install_all() {
-	# on windows, xmllint is installed by interix libxml2 in parent prefix.
-	# this is the version to use. the native winnt version does not support
-	# symlinks, which makes repoman fail if the portage tree is linked in
-	# from another location (which is my default). -- mduft
-	if [[ ${CHOST} == *-winnt* ]]; then
-		rm -rf "${ED}"/usr/bin/xmllint
-		rm -rf "${ED}"/usr/bin/xmlcatalog
-	fi
-
-	rm -rf "${ED}"/usr/share/doc/${P}
-	einstalldocs
-
-	if ! use examples; then
-		rm -rf "${ED}"/usr/share/doc/${PF}/examples
-		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
-	fi
-
-	prune_libtool_files --modules
-}
-
-pkg_postinst() {
-	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
-	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
-	if [[ "${ROOT}" != "/" ]]; then
-		elog "Skipping XML catalog creation for stage building (bug #208887)."
-	else
-		# need an XML catalog, so no-one writes to a non-existent one
-		CATALOG="${EROOT}etc/xml/catalog"
-
-		# we dont want to clobber an existing catalog though,
-		# only ensure that one is there
-		# <obz@gentoo.org>
-		if [[ ! -e ${CATALOG} ]]; then
-			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
-			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
-			einfo "Created XML catalog in ${CATALOG}"
-		fi
-	fi
-}
-
-libxml2_py_emake() {
-	pushd "${BUILD_DIR}/python" > /dev/null || die
-	emake "$@"
-	popd > /dev/null
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Gilles Dartiguelongue]

commit:     28aec45d6aa5d68e5de17feae733ec5497d7c0b8
Author:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 24 22:34:16 2017 +0000
Commit:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
CommitDate: Thu Aug 24 22:47:44 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28aec45d

dev-libs/libxml2: add more security patches

Fix typo in patch changing test target and re-enable running
unittests in src_test.

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 .../files/libxml2-2.9.2-disable-tests.patch        |   2 +-
 .../files/libxml2-2.9.4-CVE-2017-0663.patch        |  43 ++++
 .../files/libxml2-2.9.4-CVE-2017-7376.patch        |  31 +++
 .../files/libxml2-2.9.4-fix-root-node-cmp.patch    |  34 +++
 dev-libs/libxml2/libxml2-2.9.4-r3.ebuild           | 239 +++++++++++++++++++++
 5 files changed, 348 insertions(+), 1 deletion(-)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
index a996bf64a18..a231269b4b8 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
@@ -25,7 +25,7 @@ do not build test programs as we don't install them
  #testOOM_LDADD= $(LDADDS)
  
 -runtests:
-+runtests: check_PROGRAMS
++runtests: $(check_PROGRAMS)
  	[ -d test   ] || $(LN_S) $(srcdir)/test   .
  	[ -d result ] || $(LN_S) $(srcdir)/result .
  	$(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch
new file mode 100644
index 00000000000..517e178a533
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch
@@ -0,0 +1,43 @@
+From d815758b6a8c9dee8155268e49b5ef3b80135a14 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 6 Jun 2017 12:56:28 +0200
+Subject: [PATCH 1/3] Fix type confusion in xmlValidateOneNamespace
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
+namespace declarations make no practical sense anyway.
+
+Fixes bug 780228.
+
+Found with libFuzzer and ASan.
+---
+ valid.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/valid.c b/valid.c
+index 8075d3a0..c51ea290 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ 	}
+     }
+ 
++    /*
++     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++     * xmlAddID and xmlAddRef for namespace declarations, but it makes
++     * no practical sense to use ID types anyway.
++     */
++#if 0
+     /* Validity Constraint: ID uniqueness */
+     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ 	    ret = 0;
+     }
++#endif
+ 
+     /* Validity Constraint: Notation Attributes */
+     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch
new file mode 100644
index 00000000000..14ec773608b
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch
@@ -0,0 +1,31 @@
+From 43cd3b6222bda2332e963eb1c9ead78f29912b0a Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 7 Apr 2017 17:13:28 +0200
+Subject: [PATCH 2/3] Increase buffer space for port in HTTP redirect support
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780690
+
+nanohttp.c: the code wrongly assumed a short int port value.
+---
+ nanohttp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nanohttp.c b/nanohttp.c
+index 26e4290e..9c17530e 100644
+--- a/nanohttp.c
++++ b/nanohttp.c
+@@ -1423,9 +1423,9 @@ retry:
+     if (ctxt->port != 80) {
+ 	/* reserve space for ':xxxxx', incl. potential proxy */
+ 	if (proxy)
+-	    blen += 12;
++	    blen += 17;
+ 	else
+-	    blen += 6;
++	    blen += 11;
+     }
+     bp = (char*)xmlMallocAtomic(blen);
+     if ( bp == NULL ) {
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch b/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch
new file mode 100644
index 00000000000..224d60ff052
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch
@@ -0,0 +1,34 @@
+From a1fb9a4f511d89f0738b62cabd6d92bfd9eb94a9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:19:58 +0200
+Subject: [PATCH 3/3] Fix comparison with root node in xmlXPathCmpNodes
+
+This change has already been made in xmlXPathCmpNodesExt but not in
+xmlXPathCmpNodes.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 67afbca5..5a01b1b3 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
+      * compute depth to root
+      */
+     for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
+-	if (cur == node1)
++	if (cur->parent == node1)
+ 	    return(1);
+ 	depth2++;
+     }
+     root = cur;
+     for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
+-	if (cur == node2)
++	if (cur->parent == node2)
+ 	    return(-1);
+ 	depth1++;
+     }
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/libxml2-2.9.4-r3.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r3.ebuild
new file mode 100644
index 00000000000..4c2fa243d2a
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.4-r3.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+	test? (
+		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+RDEPEND="
+	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+"
+DEPEND="${EDEPEND}
+	dev-util/gtk-doc-am
+	virtual/pkgconfig
+	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/xml2-config
+)
+
+src_unpack() {
+	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
+	unpack ${P/_rc/-rc}.tar.gz
+	cd "${S}" || die
+
+	if use test; then
+		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+			"${DISTDIR}/${XSTS_TARBALL_2}" \
+			"${S}"/xstc/ \
+			|| die "Failed to install test tarballs"
+		unpack ${XMLCONF_TARBALL}
+	fi
+}
+
+src_prepare() {
+	default
+
+	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+	# Patches needed for prefix support
+	eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+	# Fix build for Windows platform
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760456
+	eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+	# Disable programs that we don't actually install.
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760457
+	eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+	# Fix python detection, bug #567066
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760458
+	eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+	# Apply round of security patches wrt bugs 
+	# 589816, 597112, 597114, 597116.  This will be included
+	# in the next upstream release
+	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
+
+	# Apply round of security patches wrt bugs:
+	# 599192, 586886, 618604, 622914, 605208, 623206
+	# This will be included in the next upstream release
+	eapply "${FILESDIR}"/${P}-CVE-2017-5969.patch
+	eapply "${FILESDIR}"/${P}-osd-validation.patch
+	eapply "${FILESDIR}"/${P}-CVE-2017-9049-9050.patch
+	eapply "${FILESDIR}"/${P}-CVE-2017-9047-9048.patch
+	eapply "${FILESDIR}"/${P}-heap-buffer-overflow.patch
+	eapply "${FILESDIR}"/${P}-CVE-2016-9318.patch
+	eapply "${FILESDIR}"/${P}-CVE-2017-7375.patch
+	eapply "${FILESDIR}"/${P}-CVE-2017-0663.patch
+
+	# More patche stolen from Debian patch stack
+	eapply "${FILESDIR}"/${P}-CVE-2017-7376.patch
+	eapply "${FILESDIR}"/${P}-fix-root-node-cmp.patch
+
+	# After all the patching this test still fails:
+	rm "${S}"/test/errors10/781205.xml || die
+
+	# Avoid final linking arguments for python modules
+	if [[ ${CHOST} == *-darwin* ]] ; then
+		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+	fi
+
+	# Please do not remove, as else we get references to PORTAGE_TMPDIR
+	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+	# We now need to run eautoreconf at the end to prevent maintainer mode.
+#	elibtoolize
+#	epunt_cxx # if we don't eautoreconf
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# filter seemingly problematic CFLAGS (#26320)
+	filter-flags -fprefetch-loop-arrays -funroll-loops
+
+	# USE zlib support breaks gnome2
+	# (libgnomeprint for instance fails to compile with
+	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+	# The meaning of the 'debug' USE flag does not apply to the --with-debug
+	# switch (enabling the libxml2 debug module). See bug #100898.
+
+	# --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+	libxml2_configure() {
+		ECONF_SOURCE="${S}" econf \
+			--with-html-subdir=${PF}/html \
+			$(use_with debug run-debug) \
+			$(use_with icu) \
+			$(use_with lzma) \
+			$(use_enable ipv6) \
+			$(use_enable static-libs static) \
+			$(multilib_native_use_with readline) \
+			$(multilib_native_use_with readline history) \
+			"$@"
+	}
+
+	libxml2_py_configure() {
+		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+		run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
+	}
+
+	libxml2_configure --without-python # build python bindings separately
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_configure
+	fi
+}
+
+multilib_src_compile() {
+	default
+	if multilib_is_native_abi && use python; then
+		local native_builddir=${BUILD_DIR}
+		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+	fi
+}
+
+multilib_src_test() {
+	emake check
+	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" \
+		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_emake \
+			DESTDIR="${D}" \
+			docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+			install
+		python_foreach_impl python_optimize
+	fi
+}
+
+multilib_src_install_all() {
+	# on windows, xmllint is installed by interix libxml2 in parent prefix.
+	# this is the version to use. the native winnt version does not support
+	# symlinks, which makes repoman fail if the portage tree is linked in
+	# from another location (which is my default). -- mduft
+	if [[ ${CHOST} == *-winnt* ]]; then
+		rm -rf "${ED}"/usr/bin/xmllint
+		rm -rf "${ED}"/usr/bin/xmlcatalog
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/${P}
+	einstalldocs
+
+	if ! use examples; then
+		rm -rf "${ED}"/usr/share/doc/${PF}/examples
+		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+	if [[ "${ROOT}" != "/" ]]; then
+		elog "Skipping XML catalog creation for stage building (bug #208887)."
+	else
+		# need an XML catalog, so no-one writes to a non-existent one
+		CATALOG="${EROOT}etc/xml/catalog"
+
+		# we dont want to clobber an existing catalog though,
+		# only ensure that one is there
+		# <obz@gentoo.org>
+		if [[ ! -e ${CATALOG} ]]; then
+			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+			einfo "Created XML catalog in ${CATALOG}"
+		fi
+	fi
+}
+
+libxml2_py_emake() {
+	pushd "${BUILD_DIR}/python" > /dev/null || die
+	emake "$@"
+	popd > /dev/null
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Gilles Dartiguelongue]

commit:     9f36ba11942153b51031264201e9a9491fb00ebd
Author:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 23 07:27:49 2017 +0000
Commit:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
CommitDate: Wed Aug 23 07:28:56 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f36ba11

dev-libs/libxml2: version bump 2.9.4-r1 → 2.9.4-r2

Apply a round of security fixes.

Gentoo-Bugs: 599192, 586886, 618604, 622914, 605208, 623206
Package-Manager: Portage-2.3.8, Repoman-2.3.3

 .../files/libxml2-2.9.4-CVE-2016-9318.patch        | 202 +++++++++++++
 .../files/libxml2-2.9.4-CVE-2017-5969.patch        |  63 ++++
 .../files/libxml2-2.9.4-CVE-2017-7375.patch        |  35 +++
 .../files/libxml2-2.9.4-CVE-2017-9047-9048.patch   | 116 ++++++++
 .../files/libxml2-2.9.4-CVE-2017-9049-9050.patch   | 316 +++++++++++++++++++++
 .../files/libxml2-2.9.4-heap-buffer-overflow.patch |  32 +++
 .../files/libxml2-2.9.4-osd-validation.patch       |  66 +++++
 dev-libs/libxml2/libxml2-2.9.4-r2.ebuild           | 231 +++++++++++++++
 8 files changed, 1061 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch
new file mode 100644
index 00000000000..5d1adb014a0
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch
@@ -0,0 +1,202 @@
+From 292be65a52ab9e0eb3a53b4e0be5a57bc6de59d3 Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert@redhat.com>
+Date: Fri, 7 Apr 2017 16:45:56 +0200
+Subject: [PATCH 6/7] Add an XML_PARSE_NOXXE flag to block all entities loading
+ even local
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=772726
+
+* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
+* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
+* include/libxml/xmlerror.h: new error raised
+* xmllint.c: adds --noxxe flag to activate the option
+---
+ elfgcchack.h              | 10 ++++++++++
+ include/libxml/parser.h   |  3 ++-
+ include/libxml/xmlIO.h    |  8 ++++++++
+ include/libxml/xmlerror.h |  1 +
+ parser.c                  |  4 ++++
+ xmlIO.c                   | 40 +++++++++++++++++++++++++++++++++++-----
+ xmllint.c                 |  5 +++++
+ 7 files changed, 65 insertions(+), 6 deletions(-)
+
+diff --git a/elfgcchack.h b/elfgcchack.h
+index 8c52884a..1b81dcde 100644
+--- a/elfgcchack.h
++++ b/elfgcchack.h
+@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
+ #endif
+ #endif
+ 
++#ifdef bottom_xmlIO
++#undef xmlNoXxeExternalEntityLoader
++extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
++#else
++#ifndef xmlNoXxeExternalEntityLoader
++extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
++#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
++#endif
++#endif
++
+ #ifdef bottom_tree
+ #undef xmlNodeAddContent
+ extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
+diff --git a/include/libxml/parser.h b/include/libxml/parser.h
+index 47fbec03..63ca1b97 100644
+--- a/include/libxml/parser.h
++++ b/include/libxml/parser.h
+@@ -1111,7 +1111,8 @@ typedef enum {
+     XML_PARSE_HUGE      = 1<<19,/* relax any hardcoded limit from the parser */
+     XML_PARSE_OLDSAX    = 1<<20,/* parse using SAX2 interface before 2.7.0 */
+     XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
+-    XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
++    XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
++    XML_PARSE_NOXXE	= 1<<23 /* Forbid any external entity loading */
+ } xmlParserOption;
+ 
+ XMLPUBFUN void XMLCALL
+diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
+index 3e41744d..8d3fdef5 100644
+--- a/include/libxml/xmlIO.h
++++ b/include/libxml/xmlIO.h
+@@ -299,6 +299,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
+ 					 const char *ID,
+ 					 xmlParserCtxtPtr ctxt);
+ 
++/*
++ * A predefined entity loader external entity expansion
++ */
++XMLPUBFUN xmlParserInputPtr XMLCALL
++	xmlNoXxeExternalEntityLoader	(const char *URL,
++					 const char *ID,
++					 xmlParserCtxtPtr ctxt);
++
+ /*
+  * xmlNormalizeWindowsPath is obsolete, don't use it.
+  * Check xmlCanonicPath in uri.h for a better alternative.
+diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
+index 037c16d5..3036062d 100644
+--- a/include/libxml/xmlerror.h
++++ b/include/libxml/xmlerror.h
+@@ -470,6 +470,7 @@ typedef enum {
+     XML_IO_EADDRINUSE, /* 1554 */
+     XML_IO_EALREADY, /* 1555 */
+     XML_IO_EAFNOSUPPORT, /* 1556 */
++    XML_IO_ILLEGAL_XXE, /* 1557 */
+     XML_XINCLUDE_RECURSION=1600,
+     XML_XINCLUDE_PARSE_VALUE, /* 1601 */
+     XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
+diff --git a/parser.c b/parser.c
+index b832406a..8e11c127 100644
+--- a/parser.c
++++ b/parser.c
+@@ -15352,6 +15352,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
+ 	ctxt->options |= XML_PARSE_NONET;
+         options -= XML_PARSE_NONET;
+     }
++    if (options & XML_PARSE_NOXXE) {
++	ctxt->options |= XML_PARSE_NOXXE;
++        options -= XML_PARSE_NOXXE;
++    }
+     if (options & XML_PARSE_COMPACT) {
+ 	ctxt->options |= XML_PARSE_COMPACT;
+         options -= XML_PARSE_COMPACT;
+diff --git a/xmlIO.c b/xmlIO.c
+index 6e61f45a..34881461 100644
+--- a/xmlIO.c
++++ b/xmlIO.c
+@@ -212,6 +212,7 @@ static const char *IOerr[] = {
+     "adddress in use",		/* EADDRINUSE */
+     "already in use",		/* EALREADY */
+     "unknown address familly",	/* EAFNOSUPPORT */
++    "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
+ };
+ 
+ #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
+@@ -4057,13 +4058,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
+     xmlGenericError(xmlGenericErrorContext,
+                     "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
+ #endif
+-    if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
++    if (ctxt != NULL) {
+         int options = ctxt->options;
+ 
+-	ctxt->options -= XML_PARSE_NONET;
+-        ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
+-	ctxt->options = options;
+-	return(ret);
++        if (options & XML_PARSE_NOXXE) {
++            ctxt->options -= XML_PARSE_NOXXE;
++            ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
++            ctxt->options = options;
++            return(ret);
++        }
++ 
++        if (options & XML_PARSE_NONET) {
++            ctxt->options -= XML_PARSE_NONET;
++            ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
++            ctxt->options = options;
++            return(ret);
++        }
+     }
+ #ifdef LIBXML_CATALOG_ENABLED
+     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
+@@ -4164,6 +4174,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
+     xmlParserInputPtr input = NULL;
+     xmlChar *resource = NULL;
+ 
++    if (ctxt == NULL) {
++        return(NULL);
++    }
++    if (ctxt->input_id == 1) {
++        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
++    }
++
+ #ifdef LIBXML_CATALOG_ENABLED
+     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
+ #endif
+@@ -4186,5 +4203,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
+     return(input);
+ }
+ 
++xmlParserInputPtr
++xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
++                          xmlParserCtxtPtr ctxt) {
++    if (ctxt == NULL) {
++        return(NULL);
++    }
++    if (ctxt->input_id == 1) {
++        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
++    }
++    xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
++    return(NULL);
++}
++
+ #define bottom_xmlIO
+ #include "elfgcchack.h"
+diff --git a/xmllint.c b/xmllint.c
+index f8eb7ec4..8f304cda 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
+     printf("\t--path 'paths': provide a set of paths for resources\n");
+     printf("\t--load-trace : print trace of all external entities loaded\n");
+     printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
++    printf("\t--noxxe : forbid any external entity loading\n");
+     printf("\t--nocompact : do not generate compact text nodes\n");
+     printf("\t--htmlout : output results as HTML\n");
+     printf("\t--nowrap : do not put HTML doc wrapper\n");
+@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
+                    (!strcmp(argv[i], "--nonet"))) {
+ 	    options |= XML_PARSE_NONET;
+ 	    xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
++        } else if ((!strcmp(argv[i], "-noxxe")) ||
++                   (!strcmp(argv[i], "--noxxe"))) {
++	    options |= XML_PARSE_NOXXE;
++	    xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
+         } else if ((!strcmp(argv[i], "-nocompact")) ||
+                    (!strcmp(argv[i], "--nocompact"))) {
+ 	    options &= ~XML_PARSE_COMPACT;
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch
new file mode 100644
index 00000000000..4d1362f2f93
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch
@@ -0,0 +1,63 @@
+From 8952ce48a5fa1d3de1f087f10e8b6e47bb59f4e3 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Wed, 7 Jun 2017 16:47:36 +0200
+Subject: [PATCH 1/7] Fix NULL pointer deref in xmlDumpElementContent
+
+Can only be triggered in recovery mode.
+
+Fixes bug 758422 (CVE-2017-5969).
+---
+ valid.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/valid.c b/valid.c
+index 19f84b82..0a8e58ab 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
+ 	    xmlBufferWriteCHAR(buf, content->name);
+ 	    break;
+ 	case XML_ELEMENT_CONTENT_SEQ:
+-	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++	    if ((content->c1 != NULL) &&
++	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ 		xmlDumpElementContent(buf, content->c1, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c1, 0);
+             xmlBufferWriteChar(buf, " , ");
+-	    if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+-	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+-		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++	    if ((content->c2 != NULL) &&
++	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++	         ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ 		xmlDumpElementContent(buf, content->c2, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c2, 0);
+ 	    break;
+ 	case XML_ELEMENT_CONTENT_OR:
+-	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++	    if ((content->c1 != NULL) &&
++	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ 		xmlDumpElementContent(buf, content->c1, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c1, 0);
+             xmlBufferWriteChar(buf, " | ");
+-	    if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+-	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+-		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++	    if ((content->c2 != NULL) &&
++	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++	         ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ 		xmlDumpElementContent(buf, content->c2, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c2, 0);
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch
new file mode 100644
index 00000000000..db9d597ad73
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch
@@ -0,0 +1,35 @@
+From 9ea49a06b9421b6a3a9c243fb1ec23b19bd6b049 Mon Sep 17 00:00:00 2001
+From: Neel Mehta <nmehta@google.com>
+Date: Fri, 7 Apr 2017 17:43:02 +0200
+Subject: [PATCH 7/7] Prevent unwanted external entity reference
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780691
+
+* parser.c: add a specific check to avoid PE reference
+---
+ parser.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 8e11c127..e8e962bb 100644
+--- a/parser.c
++++ b/parser.c
+@@ -8125,6 +8125,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+ 	    if (xmlPushInput(ctxt, input) < 0)
+ 		return;
+ 	} else {
++	    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++	        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++		((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++		((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
++		((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
++		(ctxt->replaceEntities == 0) &&
++		(ctxt->validate == 0))
++		return;
++
+ 	    /*
+ 	     * TODO !!!
+ 	     * handle the extra spaces added before and after
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch
new file mode 100644
index 00000000000..f7c48cd877d
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch
@@ -0,0 +1,116 @@
+From 839b89e678b5265a0e6b0477410e64fac669d578 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 3 Jun 2017 02:01:29 +0200
+Subject: [PATCH 4/7] Fix buffer size checks in xmlSnprintfElementContent
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+xmlSnprintfElementContent failed to correctly check the available
+buffer space in two locations.
+
+Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
+
+Thanks to Marcel Böhme and Thuan Pham for the report.
+---
+ result/valid/781333.xml         |  5 +++++
+ result/valid/781333.xml.err     |  3 +++
+ result/valid/781333.xml.err.rdr |  6 ++++++
+ test/valid/781333.xml           |  4 ++++
+ valid.c                         | 20 +++++++++++---------
+ 5 files changed, 29 insertions(+), 9 deletions(-)
+ create mode 100644 result/valid/781333.xml
+ create mode 100644 result/valid/781333.xml.err
+ create mode 100644 result/valid/781333.xml.err.rdr
+ create mode 100644 test/valid/781333.xml
+
+diff --git a/result/valid/781333.xml b/result/valid/781333.xml
+new file mode 100644
+index 00000000..45dc451d
+--- /dev/null
++++ b/result/valid/781333.xml
+@@ -0,0 +1,5 @@
++<?xml version="1.0"?>
++<!DOCTYPE a [
++<!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 pppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
 lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
 lllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
+new file mode 100644
+index 00000000..b401b49a
+--- /dev/null
++++ b/result/valid/781333.xml.err
+@@ -0,0 +1,3 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
++<a/>
++    ^
+diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
+new file mode 100644
+index 00000000..5ff56992
+--- /dev/null
++++ b/result/valid/781333.xml.err.rdr
+@@ -0,0 +1,6 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
++<a/>
++    ^
++./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
++
++^
+diff --git a/test/valid/781333.xml b/test/valid/781333.xml
+new file mode 100644
+index 00000000..b29e5a68
+--- /dev/null
++++ b/test/valid/781333.xml
+@@ -0,0 +1,4 @@
++<!DOCTYPE a [
++    <!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
 pppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
 lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
 lllllllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/valid.c b/valid.c
+index 0a8e58ab..8075d3a0 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1266,22 +1266,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+         case XML_ELEMENT_CONTENT_PCDATA:
+             strcat(buf, "#PCDATA");
+ 	    break;
+-	case XML_ELEMENT_CONTENT_ELEMENT:
++	case XML_ELEMENT_CONTENT_ELEMENT: {
++            int qnameLen = xmlStrlen(content->name);
++
++	    if (content->prefix != NULL)
++                qnameLen += xmlStrlen(content->prefix) + 1;
++	    if (size - len < qnameLen + 10) {
++		strcat(buf, " ...");
++		return;
++	    }
+ 	    if (content->prefix != NULL) {
+-		if (size - len < xmlStrlen(content->prefix) + 10) {
+-		    strcat(buf, " ...");
+-		    return;
+-		}
+ 		strcat(buf, (char *) content->prefix);
+ 		strcat(buf, ":");
+ 	    }
+-	    if (size - len < xmlStrlen(content->name) + 10) {
+-		strcat(buf, " ...");
+-		return;
+-	    }
+ 	    if (content->name != NULL)
+ 		strcat(buf, (char *) content->name);
+ 	    break;
++        }
+ 	case XML_ELEMENT_CONTENT_SEQ:
+ 	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+ 	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
+@@ -1323,6 +1324,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+ 		xmlSnprintfElementContent(buf, size, content->c2, 0);
+ 	    break;
+     }
++    if (size - strlen(buf) <= 2) return;
+     if (englob)
+         strcat(buf, ")");
+     switch (content->ocur) {
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch
new file mode 100644
index 00000000000..abf43ef9815
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch
@@ -0,0 +1,316 @@
+From 9c95d1b7f3951efe09df66ec41d7b19d6283084d Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 5 Jun 2017 15:37:17 +0200
+Subject: [PATCH 3/7] Fix handling of parameter-entity references
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+Percent sign in DTD Names
+=========================
+
+The NEXTL macro used to call xmlParserHandlePEReference. When parsing
+"complex" names inside the DTD, this could result in entity expansion
+which created a new input buffer. The fix is to simply remove the call
+to xmlParserHandlePEReference from the NEXTL macro. This is safe because
+no users of the macro require expansion of parameter entities.
+
+- xmlParseNameComplex
+- xmlParseNCNameComplex
+- xmlParseNmtoken
+
+The percent sign is not allowed in names, which are grammatical tokens.
+
+- xmlParseEntityValue
+
+Parameter-entity references in entity values are expanded but this
+happens in a separate step in this function.
+
+- xmlParseSystemLiteral
+
+Parameter-entity references are ignored in the system literal.
+
+- xmlParseAttValueComplex
+- xmlParseCharDataComplex
+- xmlParseCommentComplex
+- xmlParsePI
+- xmlParseCDSect
+
+Parameter-entity references are ignored outside the DTD.
+
+- xmlLoadEntityContent
+
+This function is only called from xmlStringLenDecodeEntities and
+entities are replaced in a separate step immediately after the function
+call.
+
+This bug could also be triggered with an internal subset and double
+entity expansion.
+
+This fixes bug 766956 initially reported by Wei Lei and independently by
+Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
+involved.
+
+xmlParseNameComplex with XML_PARSE_OLD10
+========================================
+
+When parsing Names inside an expanded parameter entity with the
+XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
+GROW macro if the input buffer was exhausted. At the end of the
+parameter entity's replacement text, this function would then call
+xmlPopInput which invalidated the input buffer.
+
+There should be no need to invoke GROW in this situation because the
+buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
+at least for UTF-8, in xmlCurrentChar. This also matches the code path
+executed when XML_PARSE_OLD10 is not set.
+
+This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
+Thanks to Marcel Böhme and Thuan Pham for the report.
+
+Additional hardening
+====================
+
+A separate check was added in xmlParseNameComplex to validate the
+buffer size.
+---
+ Makefile.am                     | 18 ++++++++++++++++++
+ parser.c                        | 18 ++++++++++--------
+ result/errors10/781205.xml      |  0
+ result/errors10/781205.xml.err  | 21 +++++++++++++++++++++
+ result/errors10/781361.xml      |  0
+ result/errors10/781361.xml.err  | 13 +++++++++++++
+ result/valid/766956.xml         |  0
+ result/valid/766956.xml.err     |  9 +++++++++
+ result/valid/766956.xml.err.rdr | 10 ++++++++++
+ runtest.c                       |  3 +++
+ test/errors10/781205.xml        |  3 +++
+ test/errors10/781361.xml        |  3 +++
+ test/valid/766956.xml           |  2 ++
+ test/valid/dtds/766956.dtd      |  2 ++
+ 14 files changed, 94 insertions(+), 8 deletions(-)
+ create mode 100644 result/errors10/781205.xml
+ create mode 100644 result/errors10/781205.xml.err
+ create mode 100644 result/errors10/781361.xml
+ create mode 100644 result/errors10/781361.xml.err
+ create mode 100644 result/valid/766956.xml
+ create mode 100644 result/valid/766956.xml.err
+ create mode 100644 result/valid/766956.xml.err.rdr
+ create mode 100644 test/errors10/781205.xml
+ create mode 100644 test/errors10/781361.xml
+ create mode 100644 test/valid/766956.xml
+ create mode 100644 test/valid/dtds/766956.dtd
+
+diff --git a/Makefile.am b/Makefile.am
+index 3b52bae7..bf20124e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
+ 	      if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
+ 	      rm result.$$name error.$$name ; \
+ 	  fi ; fi ; done)
++	@echo "## Error cases regression tests (old 1.0)"
++	-@(for i in $(srcdir)/test/errors10/*.xml ; do \
++	  name=`basename $$i`; \
++	  if [ ! -d $$i ] ; then \
++	  if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
++	      echo New test file $$name ; \
++	      $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
++	         2> $(srcdir)/result/errors10/$$name.err \
++		 > $(srcdir)/result/errors10/$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	  else \
++	      log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	      diff $(srcdir)/result/errors10/$$name result.$$name ; \
++	      diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
++	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
++	      rm result.$$name error.$$name ; \
++	  fi ; fi ; done)
+ 	@echo "## Error cases stream regression tests"
+ 	-@(for i in $(srcdir)/test/errors/*.xml ; do \
+ 	  name=`basename $$i`; \
+diff --git a/parser.c b/parser.c
+index 53a6b7f0..b832406a 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
+ 	ctxt->input->line++; ctxt->input->col = 1;			\
+     } else ctxt->input->col++;						\
+     ctxt->input->cur += l;				\
+-    if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt);	\
+   } while (0)
+ 
+ #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
+@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ 	    len += l;
+ 	    NEXTL(l);
+ 	    c = CUR_CHAR(l);
+-	    if (c == 0) {
+-		count = 0;
+-		GROW;
+-                if (ctxt->instate == XML_PARSER_EOF)
+-                    return(NULL);
+-		c = CUR_CHAR(l);
+-	    }
+ 	}
+     }
+     if ((len > XML_MAX_NAME_LENGTH) &&
+@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+         xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+         return(NULL);
+     }
++    if (ctxt->input->cur - ctxt->input->base < len) {
++        /*
++         * There were a couple of bugs where PERefs lead to to a change
++         * of the buffer. Check the buffer size to avoid passing an invalid
++         * pointer to xmlDictLookup.
++         */
++        xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
++                    "unexpected change of input buffer");
++        return (NULL);
++    }
+     if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
+         return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
+     return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
+diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
+new file mode 100644
+index 00000000..da15c3f7
+--- /dev/null
++++ b/result/errors10/781205.xml.err
+@@ -0,0 +1,21 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++namespace error : Failed to parse QName ':0000'
++ %a; 
++    ^
++<:0000
++      ^
++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
++
++^
+diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
+new file mode 100644
+index 00000000..655f41a2
+--- /dev/null
++++ b/result/errors10/781361.xml.err
+@@ -0,0 +1,13 @@
++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
++
++^
++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++
++^
++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
++
++^
++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
++
++^
+diff --git a/result/valid/766956.xml b/result/valid/766956.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
+new file mode 100644
+index 00000000..34b1dae6
+--- /dev/null
++++ b/result/valid/766956.xml.err
+@@ -0,0 +1,9 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
+diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
+new file mode 100644
+index 00000000..77603462
+--- /dev/null
++++ b/result/valid/766956.xml.err.rdr
+@@ -0,0 +1,10 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
++./test/valid/766956.xml : failed to parse
+diff --git a/runtest.c b/runtest.c
+index 7d030bdc..cd233da9 100644
+--- a/runtest.c
++++ b/runtest.c
+@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
+     { "Error cases regression tests",
+       errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
+       0 },
++    { "Error cases regression tests (old 1.0)",
++      errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
++      XML_PARSE_OLD10 },
+ #ifdef LIBXML_READER_ENABLED
+     { "Error cases stream regression tests",
+       streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
+diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
+new file mode 100644
+index 00000000..d9e9e839
+--- /dev/null
++++ b/test/errors10/781205.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE D [
++  <!ENTITY % a "<:0000">
++  %a;
+diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
+new file mode 100644
+index 00000000..67476bcb
+--- /dev/null
++++ b/test/errors10/781361.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE doc [
++  <!ENTITY % elem "<!ELEMENT e0000000000">
++  %elem;
+diff --git a/test/valid/766956.xml b/test/valid/766956.xml
+new file mode 100644
+index 00000000..19a95a0e
+--- /dev/null
++++ b/test/valid/766956.xml
+@@ -0,0 +1,2 @@
++<!DOCTYPE test SYSTEM "dtds/766956.dtd">
++<test/>
+diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
+new file mode 100644
+index 00000000..dddde68b
+--- /dev/null
++++ b/test/valid/dtds/766956.dtd
+@@ -0,0 +1,2 @@
++<!ENTITY % ent "value">
++%ä%ent;
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch
new file mode 100644
index 00000000000..770a1832b19
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch
@@ -0,0 +1,32 @@
+From df4f9bdc7a37908ded8bd1fec4f75509eaa156de Mon Sep 17 00:00:00 2001
+From: David Kilzer <ddkilzer@apple.com>
+Date: Tue, 4 Jul 2017 18:38:03 +0200
+Subject: [PATCH 5/7] Heap-buffer-overflow read of size 1 in
+ xmlFAParsePosCharGroup
+
+Credit to OSS-Fuzz.
+
+Add a check to xmlFAParseCharRange() for the end of the buffer
+to prevent reading past the end of it.
+
+This fixes Bug 784017.
+---
+ xmlregexp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmlregexp.c b/xmlregexp.c
+index ca3b4f46..6676c2a8 100644
+--- a/xmlregexp.c
++++ b/xmlregexp.c
+@@ -5051,7 +5051,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) {
+ 		return;
+ 	}
+         len = 1;
+-    } else if ((cur != 0x5B) && (cur != 0x5D)) {
++    } else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) {
+         end = CUR_SCHAR(ctxt->cur, len);
+     } else {
+ 	ERROR("Expecting the end of a char range");
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch b/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch
new file mode 100644
index 00000000000..9d1a03346f6
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch
@@ -0,0 +1,66 @@
+From 8bc6baccc7da291c2338b8d95953ea487b0b3ca1 Mon Sep 17 00:00:00 2001
+From: Alex Henrie <alexhenrie24@gmail.com>
+Date: Thu, 26 May 2016 17:38:35 -0600
+Subject: [PATCH 2/7] Fix attribute decoding during XML schema validation
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=766834
+
+vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs,
+so this function can't call xmlStringLenDecodeEntities to decode the
+entities.
+---
+ xmlschemas.c | 30 +++++++++++++++++++++++++-----
+ 1 file changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index e1b3a4f0..59535e5c 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -27391,6 +27391,7 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
+     * attributes yet.
+     */
+     if (nb_attributes != 0) {
++	int valueLen, k, l;
+ 	xmlChar *value;
+ 
+         for (j = 0, i = 0; i < nb_attributes; i++, j += 5) {
+@@ -27400,12 +27401,31 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
+ 	    * libxml2 differs from normal SAX here in that it escapes all ampersands
+ 	    * as &#38; instead of delivering the raw converted string. Changing the
+ 	    * behavior at this point would break applications that use this API, so
+-	    * we are forced to work around it. There is no danger of accidentally
+-	    * decoding some entity other than &#38; in this step because without
+-	    * unescaped ampersands there can be no other entities in the string.
++	    * we are forced to work around it.
+ 	    */
+-	    value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3],
+-		attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0);
++	    valueLen = attributes[j+4] - attributes[j+3];
++	    value = xmlMallocAtomic(valueLen + 1);
++	    if (value == NULL) {
++		xmlSchemaVErrMemory(vctxt,
++		    "allocating string for decoded attribute",
++		    NULL);
++		goto internal_error;
++	    }
++	    for (k = 0, l = 0; k < valueLen; l++) {
++		if (k < valueLen - 4 &&
++		    attributes[j+3][k+0] == '&' &&
++		    attributes[j+3][k+1] == '#' &&
++		    attributes[j+3][k+2] == '3' &&
++		    attributes[j+3][k+3] == '8' &&
++		    attributes[j+3][k+4] == ';') {
++		    value[l] = '&';
++		    k += 5;
++		} else {
++		    value[l] = attributes[j+3][k];
++		    k++;
++		}
++	    }
++	    value[l] = '\0';
+ 	    /*
+ 	    * TODO: Set the node line.
+ 	    */
+-- 
+2.14.1
+

diff --git a/dev-libs/libxml2/libxml2-2.9.4-r2.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r2.ebuild
new file mode 100644
index 00000000000..22b6dec79b0
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.4-r2.ebuild
@@ -0,0 +1,231 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+	test? (
+		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+RDEPEND="
+	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+"
+DEPEND="${EDEPEND}
+	dev-util/gtk-doc-am
+	virtual/pkgconfig
+	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/xml2-config
+)
+
+src_unpack() {
+	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
+	unpack ${P/_rc/-rc}.tar.gz
+	cd "${S}" || die
+
+	if use test; then
+		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+			"${DISTDIR}/${XSTS_TARBALL_2}" \
+			"${S}"/xstc/ \
+			|| die "Failed to install test tarballs"
+		unpack ${XMLCONF_TARBALL}
+	fi
+}
+
+src_prepare() {
+	default
+
+	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+	# Patches needed for prefix support
+	eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+	# Fix build for Windows platform
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760456
+	eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+	# Disable programs that we don't actually install.
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760457
+	eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+	# Fix python detection, bug #567066
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760458
+	eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+	# Apply round of security patches wrt bugs 
+	# 589816, 597112, 597114, 597116.  This will be included
+	# in the next upstream release
+	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
+	eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
+
+	# Apply round of security patches wrt bugs:
+	# 599192, 586886, 618604, 622914, 605208, 623206
+	# This will be included in the next upstream release
+	eapply "${FILESDIR}"/${P}-CVE-2017-5969.patch
+	eapply "${FILESDIR}"/${P}-osd-validation.patch
+	eapply "${FILESDIR}"/${P}-CVE-2017-9049-9050.patch
+	eapply "${FILESDIR}"/${P}-CVE-2017-9047-9048.patch
+	eapply "${FILESDIR}"/${P}-heap-buffer-overflow.patch
+	eapply "${FILESDIR}"/${P}-CVE-2016-9318.patch
+	eapply "${FILESDIR}"/${P}-CVE-2017-7375.patch
+
+	# Avoid final linking arguments for python modules
+	if [[ ${CHOST} == *-darwin* ]] ; then
+		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+	fi
+
+	# Please do not remove, as else we get references to PORTAGE_TMPDIR
+	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+	# We now need to run eautoreconf at the end to prevent maintainer mode.
+#	elibtoolize
+#	epunt_cxx # if we don't eautoreconf
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# filter seemingly problematic CFLAGS (#26320)
+	filter-flags -fprefetch-loop-arrays -funroll-loops
+
+	# USE zlib support breaks gnome2
+	# (libgnomeprint for instance fails to compile with
+	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+	# The meaning of the 'debug' USE flag does not apply to the --with-debug
+	# switch (enabling the libxml2 debug module). See bug #100898.
+
+	# --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+	libxml2_configure() {
+		ECONF_SOURCE="${S}" econf \
+			--with-html-subdir=${PF}/html \
+			$(use_with debug run-debug) \
+			$(use_with icu) \
+			$(use_with lzma) \
+			$(use_enable ipv6) \
+			$(use_enable static-libs static) \
+			$(multilib_native_use_with readline) \
+			$(multilib_native_use_with readline history) \
+			"$@"
+	}
+
+	libxml2_py_configure() {
+		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+		run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
+	}
+
+	libxml2_configure --without-python # build python bindings separately
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_configure
+	fi
+}
+
+multilib_src_compile() {
+	default
+	if multilib_is_native_abi && use python; then
+		local native_builddir=${BUILD_DIR}
+		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+	fi
+}
+
+multilib_src_test() {
+	default
+	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" \
+		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_emake \
+			DESTDIR="${D}" \
+			docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+			install
+		python_foreach_impl python_optimize
+	fi
+}
+
+multilib_src_install_all() {
+	# on windows, xmllint is installed by interix libxml2 in parent prefix.
+	# this is the version to use. the native winnt version does not support
+	# symlinks, which makes repoman fail if the portage tree is linked in
+	# from another location (which is my default). -- mduft
+	if [[ ${CHOST} == *-winnt* ]]; then
+		rm -rf "${ED}"/usr/bin/xmllint
+		rm -rf "${ED}"/usr/bin/xmlcatalog
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/${P}
+	einstalldocs
+
+	if ! use examples; then
+		rm -rf "${ED}"/usr/share/doc/${PF}/examples
+		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+	if [[ "${ROOT}" != "/" ]]; then
+		elog "Skipping XML catalog creation for stage building (bug #208887)."
+	else
+		# need an XML catalog, so no-one writes to a non-existent one
+		CATALOG="${EROOT}etc/xml/catalog"
+
+		# we dont want to clobber an existing catalog though,
+		# only ensure that one is there
+		# <obz@gentoo.org>
+		if [[ ! -e ${CATALOG} ]]; then
+			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+			einfo "Created XML catalog in ${CATALOG}"
+		fi
+	fi
+}
+
+libxml2_py_emake() {
+	pushd "${BUILD_DIR}/python" > /dev/null || die
+	emake "$@"
+	popd > /dev/null
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Mart Raudsepp]

commit:     adb3a6266e0b366780309bab1e9b79db48a8b10a
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 17 15:07:16 2017 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Tue Jan 17 15:07:16 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb3a626

dev-libs/libxml2: Security cleanup (bug #597116)

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/libxml2/Manifest                          |   2 -
 .../files/libxml2-2.9.2-constant-memory.patch      | 176 ----------------
 .../files/libxml2-2.9.2-cross-compile.patch        |  17 --
 .../files/libxml2-2.9.2-cve-2015-7941-1.patch      |  32 ---
 .../files/libxml2-2.9.2-cve-2015-7941-2.patch      |  49 -----
 .../files/libxml2-2.9.2-cve-2015-8035.patch        |  31 ---
 .../libxml2/files/libxml2-2.9.2-fix-lzma.patch     | 114 ----------
 .../files/libxml2-2.9.2-icu-pkgconfig.patch        |  26 ---
 .../files/libxml2-2.9.2-missing-entities.patch     |  31 ---
 ...ml2-2.9.2-overflow-conditional-sections-1.patch |  32 ---
 ...ml2-2.9.2-overflow-conditional-sections-2.patch |  28 ---
 ...bxml2-2.9.2-revert-missing-initialization.patch |  26 ---
 .../files/libxml2-2.9.2-threads-declarations.patch |  48 -----
 dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch | 128 ------------
 .../files/libxml2-2.9.2-unclosed-comments.patch    |  65 ------
 dev-libs/libxml2/libxml2-2.9.2-r4.ebuild           | 230 ---------------------
 dev-libs/libxml2/libxml2-2.9.3.ebuild              | 215 -------------------
 dev-libs/libxml2/libxml2-2.9.4.ebuild              |   4 +-
 18 files changed, 2 insertions(+), 1252 deletions(-)

diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index a98d740..78dfb10 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,5 +1,3 @@
-DIST libxml2-2.9.2.tar.gz 5444991 SHA256 5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc SHA512 a4e3b20e2efceed39c20379b32b746d4a1cf65c0cf7719d26c9bf7483c1f04a4e5a442ae2f36dc4ae8a4d011b67cfb58d9f6d0be034fa3e897a49059c9289565 WHIRLPOOL d7a77cb6ad49533cf62f6a759668e297a60dd7f70c9e13b29f682c64dfb25ae46eb9db552500130f40e3f969897bda996001d18236a4630e3713f6dd5acbe686
-DIST libxml2-2.9.3.tar.gz 5477112 SHA256 4de9e31f46b44d34871c22f54bfc54398ef124d6f7cafb1f4a5958fbcd3ba12d SHA512 078afa65229de4f23e6538767253fb4f9f61d96cb72e445179c71d536b224d54922f22972a2b71434796f83f8c99f6a46c3b8813cb4582ad9fca696d141e0abb WHIRLPOOL 34006c371ef85ce05a4f662bfda9f06e7d7fec737a02e023bc3153584d4dcff26be45673b7989091dadd10882765fa3a2abe67c5d1f5aa476d84b9bb57b83b73
 DIST libxml2-2.9.4.tar.gz 5374830 SHA256 ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c SHA512 f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9 WHIRLPOOL 268d3364a3d293810dff060b3ab92042c5550e50dbe9038c4d5b54ea6a22ed77f9572575517ae3bacfe518d634047eb9d5345e903b125e56a3d32ad1ba96dabf
 DIST xmlts20080827.tar.gz 638940 SHA256 96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7 SHA512 7325d0977c4427fc4944b291ccf896a665f654cc24399e5565c12a849c2bc3aef4fa3ee42a09ac115abcb6570c51a8fbd052c38d64d164279ecdecad5a4e884d WHIRLPOOL 50835380c3ea208df0bf9ce032ed2df69c4c6cb5a53ffdd39a08fb4f1d166f311b2ef2fe0d9911ae1ebff92aeb42f6ea55e727dfe0b7a3b95e6c7240315b3eda
 DIST xsts-2002-01-16.tar.gz 6894439 SHA256 55e5c08db29946a91ea8e70e8f2418d3fd30d8b6777941dfba7f54726ffd9914 SHA512 43300af6d39c1e2221b0ed7318fe14c7464eeb6eb030ed1e22eb29b4ab17f014e2a4c8887c3a46ae5d243e3072da27f00f4e285498ae6f1288177d38d1108288 WHIRLPOOL 84dd51959460a4f8aa582d57ad39229c546ca7fe155012c57c368b59f5d31400d8b940a343a7320058330ca611303139cacdffed514783f96406ac5366026b11

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-constant-memory.patch b/dev-libs/libxml2/files/libxml2-2.9.2-constant-memory.patch
deleted file mode 100644
index dc944b6..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-constant-memory.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 14 Apr 2015 17:41:48 +0800
-Subject: [PATCH] CVE-2015-1819 Enforce the reader to run in constant memory
-
-One of the operation on the reader could resolve entities
-leading to the classic expansion issue. Make sure the
-buffer used for xmlreader operation is bounded.
-Introduce a new allocation type for the buffers for this effect.
----
- buf.c                 | 43 ++++++++++++++++++++++++++++++++++++++++++-
- include/libxml/tree.h |  3 ++-
- xmlreader.c           | 20 +++++++++++++++++++-
- 3 files changed, 63 insertions(+), 3 deletions(-)
-
-diff --git a/buf.c b/buf.c
-index 6efc7b6..07922ff 100644
---- a/buf.c
-+++ b/buf.c
-@@ -27,6 +27,7 @@
- #include <libxml/tree.h>
- #include <libxml/globals.h>
- #include <libxml/tree.h>
-+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
- #include "buf.h"
- 
- #define WITH_BUFFER_COMPAT
-@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
-     if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
-         (scheme == XML_BUFFER_ALLOC_EXACT) ||
-         (scheme == XML_BUFFER_ALLOC_HYBRID) ||
--        (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
-+        (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
-+	(scheme == XML_BUFFER_ALLOC_BOUNDED)) {
- 	buf->alloc = scheme;
-         if (buf->buffer)
-             buf->buffer->alloc = scheme;
-@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
-     size = buf->use + len + 100;
- #endif
- 
-+    if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+        /*
-+	 * Used to provide parsing limits
-+	 */
-+        if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
-+	    (buf->size >= XML_MAX_TEXT_LENGTH)) {
-+	    xmlBufMemoryError(buf, "buffer error: text too long\n");
-+	    return(0);
-+	}
-+	if (size >= XML_MAX_TEXT_LENGTH)
-+	    size = XML_MAX_TEXT_LENGTH;
-+    }
-     if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
-         size_t start_buf = buf->content - buf->contentIO;
- 
-@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
-     CHECK_COMPAT(buf)
- 
-     if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
-+    if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+        /*
-+	 * Used to provide parsing limits
-+	 */
-+        if (size >= XML_MAX_TEXT_LENGTH) {
-+	    xmlBufMemoryError(buf, "buffer error: text too long\n");
-+	    return(0);
-+	}
-+    }
- 
-     /* Don't resize if we don't have to */
-     if (size < buf->size)
-@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
- 
-     needSize = buf->use + len + 2;
-     if (needSize > buf->size){
-+	if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+	    /*
-+	     * Used to provide parsing limits
-+	     */
-+	    if (needSize >= XML_MAX_TEXT_LENGTH) {
-+		xmlBufMemoryError(buf, "buffer error: text too long\n");
-+		return(-1);
-+	    }
-+	}
-         if (!xmlBufResize(buf, needSize)){
- 	    xmlBufMemoryError(buf, "growing buffer");
-             return XML_ERR_NO_MEMORY;
-@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
-     }
-     needSize = buf->use + len + 2;
-     if (needSize > buf->size){
-+	if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+	    /*
-+	     * Used to provide parsing limits
-+	     */
-+	    if (needSize >= XML_MAX_TEXT_LENGTH) {
-+		xmlBufMemoryError(buf, "buffer error: text too long\n");
-+		return(-1);
-+	    }
-+	}
-         if (!xmlBufResize(buf, needSize)){
- 	    xmlBufMemoryError(buf, "growing buffer");
-             return XML_ERR_NO_MEMORY;
-diff --git a/include/libxml/tree.h b/include/libxml/tree.h
-index 2f90717..4a9b3bc 100644
---- a/include/libxml/tree.h
-+++ b/include/libxml/tree.h
-@@ -76,7 +76,8 @@ typedef enum {
-     XML_BUFFER_ALLOC_EXACT,	/* grow only to the minimal size */
-     XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
-     XML_BUFFER_ALLOC_IO,	/* special allocation scheme used for I/O */
--    XML_BUFFER_ALLOC_HYBRID	/* exact up to a threshold, and doubleit thereafter */
-+    XML_BUFFER_ALLOC_HYBRID,	/* exact up to a threshold, and doubleit thereafter */
-+    XML_BUFFER_ALLOC_BOUNDED	/* limit the upper size of the buffer */
- } xmlBufferAllocationScheme;
- 
- /**
-diff --git a/xmlreader.c b/xmlreader.c
-index f19e123..471e7e2 100644
---- a/xmlreader.c
-+++ b/xmlreader.c
-@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) {
- 		"xmlNewTextReader : malloc failed\n");
- 	return(NULL);
-     }
-+    /* no operation on a reader should require a huge buffer */
-+    xmlBufSetAllocationScheme(ret->buffer,
-+			      XML_BUFFER_ALLOC_BOUNDED);
-     ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
-     if (ret->sax == NULL) {
- 	xmlBufFree(ret->buffer);
-@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
- 	    return(((xmlNsPtr) node)->href);
-         case XML_ATTRIBUTE_NODE:{
- 	    xmlAttrPtr attr = (xmlAttrPtr) node;
-+	    const xmlChar *ret;
- 
- 	    if ((attr->children != NULL) &&
- 	        (attr->children->type == XML_TEXT_NODE) &&
-@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
-                                         "xmlTextReaderSetup : malloc failed\n");
-                         return (NULL);
-                     }
-+		    xmlBufSetAllocationScheme(reader->buffer,
-+		                              XML_BUFFER_ALLOC_BOUNDED);
-                 } else
-                     xmlBufEmpty(reader->buffer);
- 	        xmlBufGetNodeContent(reader->buffer, node);
--		return(xmlBufContent(reader->buffer));
-+		ret = xmlBufContent(reader->buffer);
-+		if (ret == NULL) {
-+		    /* error on the buffer best to reallocate */
-+		    xmlBufFree(reader->buffer);
-+		    reader->buffer = xmlBufCreateSize(100);
-+		    xmlBufSetAllocationScheme(reader->buffer,
-+		                              XML_BUFFER_ALLOC_BOUNDED);
-+		    ret = BAD_CAST "";
-+		}
-+		return(ret);
- 	    }
- 	    break;
- 	}
-@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader,
-                         "xmlTextReaderSetup : malloc failed\n");
-         return (-1);
-     }
-+    /* no operation on a reader should require a huge buffer */
-+    xmlBufSetAllocationScheme(reader->buffer,
-+			      XML_BUFFER_ALLOC_BOUNDED);
-     if (reader->sax == NULL)
- 	reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
-     if (reader->sax == NULL) {
--- 
-2.3.5
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cross-compile.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cross-compile.patch
deleted file mode 100644
index 447222e..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cross-compile.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-https://bugzilla.gnome.org/show_bug.cgi?id=749416
-
-do not use -L$Z_DIR/lib when Z_DIR isn't actually set
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -392,7 +392,9 @@ if test "$with_zlib" = "no"; then
- else
-     AC_CHECK_HEADERS(zlib.h,
-         [SAVE_LDFLAGS="${LDFLAGS}"
--	 LDFLAGS="-L${Z_DIR}/lib"
-+	if test "x${Z_DIR}" != "x"; then
-+	    LDFLAGS="${LDFLAGS} -L${Z_DIR}/lib"
-+	fi
- 	AC_CHECK_LIB(z, gzread,[
- 	    AC_DEFINE([HAVE_LIBZ], [1], [Have compression library])
- 	    WITH_ZLIB=1

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
deleted file mode 100644
index 8a6c98c..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Feb 2015 11:17:35 +0800
-Subject: [PATCH] Stop parsing on entities boundaries errors
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-There are times, like on unterminated entities that it's preferable to
-stop parsing, even if that means less error reporting. Entities are
-feeding the parser on further processing, and if they are ill defined
-then it's possible to get the parser to bug. Also do the same on
-Conditional Sections if the input is broken, as the structure of
-the document can't be guessed.
----
- parser.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/parser.c b/parser.c
-index a8d1b67..bbe97eb 100644
---- a/parser.c
-+++ b/parser.c
-@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
- 	if (RAW != '>') {
- 	    xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
- 	            "xmlParseEntityDecl: entity %s not terminated\n", name);
-+	    xmlStopParser(ctxt);
- 	} else {
- 	    if (input != ctxt->input) {
- 		xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
--- 
-2.4.10
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
deleted file mode 100644
index df30c89..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Feb 2015 11:29:20 +0800
-Subject: [PATCH] Cleanup conditional section error handling
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-The error handling of Conditional Section also need to be
-straightened as the structure of the document can't be
-guessed on a failure there and it's better to stop parsing
-as further errors are likely to be irrelevant.
----
- parser.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index bbe97eb..fe603ac 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 	SKIP_BLANKS;
- 	if (RAW != '[') {
- 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+	    xmlStopParser(ctxt);
-+	    return;
- 	} else {
- 	    if (ctxt->input->id != id) {
- 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 	SKIP_BLANKS;
- 	if (RAW != '[') {
- 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+	    xmlStopParser(ctxt);
-+	    return;
- 	} else {
- 	    if (ctxt->input->id != id) {
- 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 
-     } else {
- 	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
-+	xmlStopParser(ctxt);
-+	return;
-     }
- 
-     if (RAW == 0)
--- 
-2.4.10
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
deleted file mode 100644
index f51863e..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 3 Nov 2015 15:31:25 +0800
-Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=757466
-DoS when parsing specially crafted XML document if XZ support
-is compiled in (which wasn't the case for 2.9.2 and master since
-Nov 2013, fixed in next commit !)
----
- xzlib.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index 0dcb9f4..1fab546 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
-             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
-             return -1;
-         }
-+        if (ret == LZMA_PROG_ERROR) {
-+            xz_error(state, LZMA_PROG_ERROR, "compression error");
-+            return -1;
-+        }
-     } while (strm->avail_out && ret != LZMA_STREAM_END);
- 
-     /* update available output and crc check value */
--- 
-2.4.10
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch b/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
deleted file mode 100644
index e9b6da6..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 18b8988511b0954272cac4d6c3e6724f9dbf6e0a Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 3 Nov 2015 15:46:29 +0800
-Subject: [PATCH] Reenable xz support by default
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=757466
-
-problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8
-for https://bugzilla.gnome.org/show_bug.cgi?id=711026
----
- configure.ac |  3 +++
- xmlIO.c      | 12 ++++++------
- xzlib.c      |  6 ++++--
- 3 files changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 14ac0a8..48e0577 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -445,6 +445,9 @@ else
-                 fi],
-                 [have_liblzma=no])
- 	     LDFLAGS="${SAVE_LDFLAGS}"])
-+    else
-+	# we still need to check for lzma,h header
-+	AC_CHECK_HEADERS([lzma.h])
-     fi
- 
-     # Found the library via either method?
-diff --git a/xmlIO.c b/xmlIO.c
-index e628ab0..8b13184 100644
---- a/xmlIO.c
-+++ b/xmlIO.c
-@@ -1334,7 +1334,7 @@ xmlGzfileClose (void * context) {
- }
- #endif /* HAVE_ZLIB_H */
- 
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- /************************************************************************
-  *									*
-  *		I/O for compressed file accesses			*
-@@ -1451,7 +1451,7 @@ xmlXzfileClose (void * context) {
-     if (ret < 0) xmlIOErr(0, "xzclose()");
-     return(ret);
- }
--#endif /* HAVE_LZMA_H */
-+#endif /* LIBXML_LZMA_ENABLED */
- 
- #ifdef LIBXML_HTTP_ENABLED
- /************************************************************************
-@@ -2328,10 +2328,10 @@ xmlRegisterDefaultInputCallbacks(void) {
-     xmlRegisterInputCallbacks(xmlGzfileMatch, xmlGzfileOpen,
- 	                      xmlGzfileRead, xmlGzfileClose);
- #endif /* HAVE_ZLIB_H */
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
-     xmlRegisterInputCallbacks(xmlXzfileMatch, xmlXzfileOpen,
- 	                      xmlXzfileRead, xmlXzfileClose);
--#endif /* HAVE_ZLIB_H */
-+#endif /* LIBXML_LZMA_ENABLED */
- 
- #ifdef LIBXML_HTTP_ENABLED
-     xmlRegisterInputCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
-@@ -2683,7 +2683,7 @@ __xmlParserInputBufferCreateFilename(const char *URI, xmlCharEncoding enc) {
- #endif
- 	}
- #endif
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- 	if ((xmlInputCallbackTable[i].opencallback == xmlXzfileOpen) &&
- 		(strcmp(URI, "-") != 0)) {
-             ret->compressed = __libxml2_xzcompressed(context);
-@@ -3350,7 +3350,7 @@ xmlParserInputBufferGrow(xmlParserInputBufferPtr in, int len) {
-      * try to establish compressed status of input if not done already
-      */
-     if (in->compressed == -1) {
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- 	if (in->readcallback == xmlXzfileRead)
-             in->compressed = __libxml2_xzcompressed(in->context);
- #endif
-diff --git a/xzlib.c b/xzlib.c
-index 1fab546..782957f 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -8,7 +8,7 @@
-  */
- #define IN_LIBXML
- #include "libxml.h"
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- 
- #include <string.h>
- #ifdef HAVE_ERRNO_H
-@@ -34,7 +34,9 @@
- #ifdef HAVE_ZLIB_H
- #include <zlib.h>
- #endif
-+#ifdef HAVE_LZMA_H
- #include <lzma.h>
-+#endif
- 
- #include "xzlib.h"
- #include <libxml/xmlmemory.h>
-@@ -799,4 +801,4 @@ __libxml2_xzclose(xzFile file)
-     xmlFree(state);
-     return ret ? ret : LZMA_OK;
- }
--#endif /* HAVE_LZMA_H */
-+#endif /* LIBXML_LZMA_ENABLED */
--- 
-2.4.10
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-icu-pkgconfig.patch b/dev-libs/libxml2/files/libxml2-2.9.2-icu-pkgconfig.patch
deleted file mode 100644
index 7a84fac..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-icu-pkgconfig.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/configure.in b/configure.in
-index 7374564..13c8d4e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1444,19 +1444,11 @@ XML_LIBTOOLLIBS="libxml2.la"
- AC_SUBST(WITH_ICONV)
- 
- WITH_ICU=0
--ICU_LIBS=""
- if test "$with_icu" != "yes" ; then
-     echo Disabling ICU support
- else
--    ICU_CONFIG=icu-config
--    if ${ICU_CONFIG} --cflags >/dev/null 2>&1
--    then
--        ICU_LIBS=`${ICU_CONFIG} --ldflags`
--        WITH_ICU=1
--        echo Enabling ICU support
--    else
--        AC_MSG_ERROR([libicu config program icu-config not found])
--    fi
-+    PKG_CHECK_MODULES(ICU, icu-i18n)
-+    WITH_ICU=1
- fi
- AC_SUBST(WITH_ICU)
- AC_SUBST(ICU_LIBS)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-missing-entities.patch b/dev-libs/libxml2/files/libxml2-2.9.2-missing-entities.patch
deleted file mode 100644
index 7a10e20..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-missing-entities.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 23 Oct 2014 11:35:36 +0800
-Subject: [PATCH] Fix missing entities after CVE-2014-3660 fix
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=738805
-
-The fix for CVE-2014-3660 introduced a regression in some case
-where entity substitution is required and the entity is used
-first in anotther entity referenced from an attribute value
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index 67c9dfd..a8d1b67 100644
---- a/parser.c
-+++ b/parser.c
-@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
-      * far more secure as the parser will only process data coming from
-      * the document entity by default.
-      */
--    if ((ent->checked == 0) &&
-+    if (((ent->checked == 0) ||
-+         ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
-         ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
-          (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
- 	unsigned long oldnbent = ctxt->nbentities;
--- 
-2.3.5
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
deleted file mode 100644
index bb0766a..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 23 Oct 2015 19:02:28 +0800
-Subject: Another variation of overflow in Conditional sections
-
-Which happen after the previous fix to
-https://bugzilla.gnome.org/show_bug.cgi?id=756456
-
-But stopping the parser and exiting we didn't pop the intermediary entities
-and doing the SKIP there applies on an input which may be too small
----
- parser.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index a65e4cc..b9217ff 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 	"All markup of the conditional section is not in the same entity\n",
- 				 NULL, NULL);
- 	}
--        SKIP(3);
-+	if ((ctxt-> instate != XML_PARSER_EOF) &&
-+	    ((ctxt->input->cur + 3) < ctxt->input->end))
-+	    SKIP(3);
-     }
- }
- 
--- 
-cgit v0.11.2
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
deleted file mode 100644
index 1a059fe..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 27 Oct 2015 10:53:44 +0800
-Subject: Fix an error in previous Conditional section patch
-
-an off by one mistake in the change, led to error on correct
-document where the end of the included entity was exactly
-the end of the conditional section, leading to regtest failure
----
- parser.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index b9217ff..d67b300 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6916,7 +6916,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 				 NULL, NULL);
- 	}
- 	if ((ctxt-> instate != XML_PARSER_EOF) &&
--	    ((ctxt->input->cur + 3) < ctxt->input->end))
-+	    ((ctxt->input->cur + 3) <= ctxt->input->end))
- 	    SKIP(3);
-     }
- }
--- 
-cgit v0.11.2
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-revert-missing-initialization.patch b/dev-libs/libxml2/files/libxml2-2.9.2-revert-missing-initialization.patch
deleted file mode 100644
index d98b382..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-revert-missing-initialization.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 17 Oct 2014 17:13:41 +0800
-Subject: Revert "Missing initialization for the catalog module"
-
-This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
-As this break xmlcatalog command
-https://bugzilla.redhat.com/show_bug.cgi?id=1153753
-
-diff --git a/parser.c b/parser.c
-index 1d93967..67c9dfd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
- #ifdef LIBXML_XPATH_ENABLED
- 	xmlXPathInit();
- #endif
--#ifdef LIBXML_CATALOG_ENABLED
--        xmlInitializeCatalog();
--#endif
- 	xmlParserInitialized = 1;
- #ifdef LIBXML_THREAD_ENABLED
-     }
--- 
-cgit v0.10.1
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-threads-declarations.patch b/dev-libs/libxml2/files/libxml2-2.9.2-threads-declarations.patch
deleted file mode 100644
index 1236f62..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-threads-declarations.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From fff8a6b87e05200a0ad0af6f86c2e859c7de9172 Mon Sep 17 00:00:00 2001
-From: Michael Heimpold <mhei@heimpold.de>
-Date: Mon, 22 Dec 2014 11:12:12 +0800
-Subject: [PATCH] threads: use forward declarations only for glibc
-
-Fixes bug #704908
-
-The declarations of pthread functions, used to generate weak references
-to them, fail to suppress macros. Thus, if any pthread function has
-been provided as a macro, compiling threads.c will fail.
-This breaks on musl libc, which defines pthread_equal as a macro (in
-addition to providing the function, as required).
-
-Prevent the declarations for e.g. musl libc by refining the condition.
-
-The idea for this solution was borrowed from the alpine linux guys, see
-http://git.alpinelinux.org/cgit/aports/tree/main/libxml2/libxml2-pthread.patch
-
-Signed-off-by: Michael Heimpold <mhei@heimpold.de>
----
- threads.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/threads.c b/threads.c
-index 8921204..78006a2 100644
---- a/threads.c
-+++ b/threads.c
-@@ -47,7 +47,7 @@
- #ifdef HAVE_PTHREAD_H
- 
- static int libxml_is_threaded = -1;
--#ifdef __GNUC__
-+#if defined(__GNUC__) && defined(__GLIBC__)
- #ifdef linux
- #if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || (__GNUC__ > 3)
- extern int pthread_once (pthread_once_t *__once_control,
-@@ -89,7 +89,7 @@ extern int pthread_cond_signal ()
- 	   __attribute((weak));
- #endif
- #endif /* linux */
--#endif /* __GNUC__ */
-+#endif /* defined(__GNUC__) && defined(__GLIBC__) */
- #endif /* HAVE_PTHREAD_H */
- 
- /*
--- 
-2.3.5
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch b/dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch
deleted file mode 100644
index c179d47..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From 9b987f8c98763ee569bde90b5268b43474ca106c Mon Sep 17 00:00:00 2001
-From: Christopher Swenson <chris@caswenson.com>
-Date: Fri, 27 Feb 2015 14:55:49 +0800
-Subject: [PATCH] Fix timsort invariant loop re: Envisage article
-
-See http://envisage-project.eu/proving-android-java-and-python-sorting-algorithm-is-broken-and-how-to-fix-it/
-
-We use a "runLen" array of size 128, so it should be nearly impossible
-to have our implementation overflow.
-
-But in any case, the fix is relatively simple -- checking two extra
-conditions in the invariant calculation.
-
-I also took this opportunity to remove some redundancy in the
-left/right merge logic in the invariant loop.
----
- timsort.h | 74 +++++++++++++++++++++++++++++++++------------------------------
- 1 file changed, 39 insertions(+), 35 deletions(-)
-
-diff --git a/timsort.h b/timsort.h
-index efa3aab..795f272 100644
---- a/timsort.h
-+++ b/timsort.h
-@@ -392,62 +392,66 @@ static void TIM_SORT_MERGE(SORT_TYPE *dst, const TIM_SORT_RUN_T *stack, const in
- 
- static int TIM_SORT_COLLAPSE(SORT_TYPE *dst, TIM_SORT_RUN_T *stack, int stack_curr, TEMP_STORAGE_T *store, const size_t size)
- {
--  while (1)
--  {
--    int64_t A, B, C;
-+  while (1) {
-+    int64_t A, B, C, D;
-+    int ABC, BCD, BD, CD;
-+
-     /* if the stack only has one thing on it, we are done with the collapse */
--    if (stack_curr <= 1) break;
-+    if (stack_curr <= 1) {
-+      break;
-+    }
-+
-     /* if this is the last merge, just do it */
--    if ((stack_curr == 2) &&
--        (stack[0].length + stack[1].length == (int64_t) size))
--    {
-+    if ((stack_curr == 2) && (stack[0].length + stack[1].length == size)) {
-       TIM_SORT_MERGE(dst, stack, stack_curr, store);
-       stack[0].length += stack[1].length;
-       stack_curr--;
-       break;
-     }
-     /* check if the invariant is off for a stack of 2 elements */
--    else if ((stack_curr == 2) && (stack[0].length <= stack[1].length))
--    {
-+    else if ((stack_curr == 2) && (stack[0].length <= stack[1].length)) {
-       TIM_SORT_MERGE(dst, stack, stack_curr, store);
-       stack[0].length += stack[1].length;
-       stack_curr--;
-       break;
--    }
--    else if (stack_curr == 2)
-+    } else if (stack_curr == 2) {
-       break;
-+    }
- 
--    A = stack[stack_curr - 3].length;
--    B = stack[stack_curr - 2].length;
--    C = stack[stack_curr - 1].length;
-+    B = stack[stack_curr - 3].length;
-+    C = stack[stack_curr - 2].length;
-+    D = stack[stack_curr - 1].length;
- 
--    /* check first invariant */
--    if (A <= B + C)
--    {
--      if (A < C)
--      {
--        TIM_SORT_MERGE(dst, stack, stack_curr - 1, store);
--        stack[stack_curr - 3].length += stack[stack_curr - 2].length;
--        stack[stack_curr - 2] = stack[stack_curr - 1];
--        stack_curr--;
--      }
--      else
--      {
--        TIM_SORT_MERGE(dst, stack, stack_curr, store);
--        stack[stack_curr - 2].length += stack[stack_curr - 1].length;
--        stack_curr--;
--      }
-+    if (stack_curr >= 4) {
-+      A = stack[stack_curr - 4].length;
-+      ABC = (A <= B + C);
-+    } else {
-+      ABC = 0;
-     }
--    /* check second invariant */
--    else if (B <= C)
--    {
-+
-+    BCD = (B <= C + D) || ABC;
-+    CD = (C <= D);
-+    BD = (B < D);
-+
-+    /* Both invariants are good */
-+    if (!BCD && !CD) {
-+      break;
-+    }
-+
-+    /* left merge */
-+    if (BCD && !CD) {
-+      TIM_SORT_MERGE(dst, stack, stack_curr - 1, store);
-+      stack[stack_curr - 3].length += stack[stack_curr - 2].length;
-+      stack[stack_curr - 2] = stack[stack_curr - 1];
-+      stack_curr--;
-+    } else {
-+      /* right merge */
-       TIM_SORT_MERGE(dst, stack, stack_curr, store);
-       stack[stack_curr - 2].length += stack[stack_curr - 1].length;
-       stack_curr--;
-     }
--    else
--      break;
-   }
-+
-   return stack_curr;
- }
- 
--- 
-2.3.5
-

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch b/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
deleted file mode 100644
index bd4e482..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 30 Oct 2015 21:14:55 +0800
-Subject: Fix parsing short unclosed comment uninitialized access
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=746048
-The HTML parser was too optimistic when processing comments and
-didn't check for the end of the stream on the first 2 characters
----
- HTMLparser.c | 21 ++++++++++++++-------
- 1 file changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/HTMLparser.c b/HTMLparser.c
-index 19c10c3..bdf7807 100644
---- a/HTMLparser.c
-+++ b/HTMLparser.c
-@@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
- 	ctxt->instate = state;
- 	return;
-     }
-+    len = 0;
-+    buf[len] = 0;
-     q = CUR_CHAR(ql);
-+    if (!IS_CHAR(q))
-+        goto unfinished;
-     NEXTL(ql);
-     r = CUR_CHAR(rl);
-+    if (!IS_CHAR(r))
-+        goto unfinished;
-     NEXTL(rl);
-     cur = CUR_CHAR(l);
--    len = 0;
-     while (IS_CHAR(cur) &&
-            ((cur != '>') ||
- 	    (r != '-') || (q != '-'))) {
-@@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
- 	}
-     }
-     buf[len] = 0;
--    if (!IS_CHAR(cur)) {
--	htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
--	             "Comment not terminated \n<!--%.50s\n", buf, NULL);
--	xmlFree(buf);
--    } else {
-+    if (IS_CHAR(cur)) {
-         NEXT;
- 	if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
- 	    (!ctxt->disableSAX))
- 	    ctxt->sax->comment(ctxt->userData, buf);
- 	xmlFree(buf);
-+	ctxt->instate = state;
-+	return;
-     }
--    ctxt->instate = state;
-+
-+unfinished:
-+    htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
-+		 "Comment not terminated \n<!--%.50s\n", buf, NULL);
-+    xmlFree(buf);
- }
- 
- /**
--- 
-cgit v0.11.2
-

diff --git a/dev-libs/libxml2/libxml2-2.9.2-r4.ebuild b/dev-libs/libxml2/libxml2-2.9.2-r4.ebuild
deleted file mode 100644
index f47284c..00000000
--- a/dev-libs/libxml2/libxml2-2.9.2-r4.ebuild
+++ /dev/null
@@ -1,230 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 python3_{4,5} )
-PYTHON_REQ_USE="xml"
-
-inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
-
-DESCRIPTION="Version 2 of the library to manipulate XML files"
-HOMEPAGE="http://www.xmlsoft.org/"
-
-LICENSE="MIT"
-SLOT="2"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="debug examples icu ipv6 lzma python readline static-libs test"
-
-XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
-XSTS_NAME_1="xmlschema2002-01-16"
-XSTS_NAME_2="xmlschema2004-01-14"
-XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
-XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
-XMLCONF_TARBALL="xmlts20080827.tar.gz"
-
-SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
-	test? (
-		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
-		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
-		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
-
-COMMON_DEPEND="
-	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
-	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-"
-RDEPEND="${COMMON_DEPEND}
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r6
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
-"
-DEPEND="${COMMON_DEPEND}
-	dev-util/gtk-doc-am
-	virtual/pkgconfig
-	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
-"
-
-S="${WORKDIR}/${PN}-${PV%_rc*}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/xml2-config
-)
-
-src_unpack() {
-	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
-	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
-	unpack ${P/_rc/-rc}.tar.gz
-	cd "${S}"
-
-	if use test; then
-		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
-			"${DISTDIR}/${XSTS_TARBALL_2}" \
-			"${S}"/xstc/ \
-			|| die "Failed to install test tarballs"
-		unpack ${XMLCONF_TARBALL}
-	fi
-}
-
-src_prepare() {
-	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
-
-	# Patches needed for prefix support
-	epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
-
-	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
-
-	# Fix build for Windows platform
-	epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
-
-	# Disable programs that we don't actually install.
-	epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
-
-	# Fix zlib parameter handling for cross-compilation
-	# https://bugzilla.gnome.org/show_bug.cgi?id=749416
-	epatch "${FILESDIR}"/${PN}-2.9.2-cross-compile.patch
-
-	# Use pkgconfig to find icu to properly support multilib
-	# https://bugs.gentoo.org/show_bug.cgi?id=738751
-	epatch "${FILESDIR}"/${PN}-2.9.2-icu-pkgconfig.patch
-
-	epatch "${FILESDIR}"/${P}-python-ABIFLAG.patch
-
-	# Important patches from master
-	epatch \
-		"${FILESDIR}"/${PN}-2.9.2-revert-missing-initialization.patch \
-		"${FILESDIR}"/${PN}-2.9.2-missing-entities.patch \
-		"${FILESDIR}"/${PN}-2.9.2-threads-declarations.patch \
-		"${FILESDIR}"/${PN}-2.9.2-timsort.patch \
-		"${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-1.patch \
-		"${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-2.patch \
-		"${FILESDIR}"/${PN}-2.9.2-constant-memory.patch \
-		"${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-1.patch	\
-		"${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-2.patch	\
-		"${FILESDIR}"/${PN}-2.9.2-unclosed-comments.patch \
-		"${FILESDIR}"/${PN}-2.9.2-cve-2015-8035.patch \
-		"${FILESDIR}"/${PN}-2.9.2-fix-lzma.patch
-
-	# Please do not remove, as else we get references to PORTAGE_TMPDIR
-	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
-	# We now need to run eautoreconf at the end to prevent maintainer mode.
-#	elibtoolize
-#	epunt_cxx # if we don't eautoreconf
-
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# filter seemingly problematic CFLAGS (#26320)
-	filter-flags -fprefetch-loop-arrays -funroll-loops
-
-	# USE zlib support breaks gnome2
-	# (libgnomeprint for instance fails to compile with
-	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
-
-	# The meaning of the 'debug' USE flag does not apply to the --with-debug
-	# switch (enabling the libxml2 debug module). See bug #100898.
-
-	# --with-mem-debug causes unusual segmentation faults (bug #105120).
-
-	libxml2_configure() {
-		ECONF_SOURCE="${S}" econf \
-			--with-html-subdir=${PF}/html \
-			--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-			$(use_with debug run-debug) \
-			$(use_with icu) \
-			$(use_with lzma) \
-			$(use_enable ipv6) \
-			$(use_enable static-libs static) \
-			$(multilib_native_use_with readline) \
-			$(multilib_native_use_with readline history) \
-			"$@"
-	}
-
-	libxml2_py_configure() {
-		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
-		run_in_build_dir libxml2_configure "--with-python=${PYTHON}" # odd build system
-	}
-
-	libxml2_configure --without-python # build python bindings separately
-
-	if multilib_is_native_abi && use python; then
-		python_foreach_impl libxml2_py_configure
-	fi
-}
-
-multilib_src_compile() {
-	default
-	if multilib_is_native_abi && use python; then
-		local native_builddir=${BUILD_DIR}
-		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
-	fi
-}
-
-multilib_src_test() {
-	default
-	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" \
-		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
-
-	if multilib_is_native_abi && use python; then
-		python_foreach_impl libxml2_py_emake \
-			DESTDIR="${D}" \
-			docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
-			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
-			install
-		python_foreach_impl python_optimize
-	fi
-}
-
-multilib_src_install_all() {
-	# on windows, xmllint is installed by interix libxml2 in parent prefix.
-	# this is the version to use. the native winnt version does not support
-	# symlinks, which makes repoman fail if the portage tree is linked in
-	# from another location (which is my default). -- mduft
-	if [[ ${CHOST} == *-winnt* ]]; then
-		rm -rf "${ED}"/usr/bin/xmllint
-		rm -rf "${ED}"/usr/bin/xmlcatalog
-	fi
-
-	rm -rf "${ED}"/usr/share/doc/${P}
-	einstalldocs
-
-	if ! use examples; then
-		rm -rf "${ED}"/usr/share/doc/${PF}/examples
-		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
-	fi
-
-	prune_libtool_files --modules
-}
-
-pkg_postinst() {
-	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
-	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
-	if [[ "${ROOT}" != "/" ]]; then
-		elog "Skipping XML catalog creation for stage building (bug #208887)."
-	else
-		# need an XML catalog, so no-one writes to a non-existent one
-		CATALOG="${EROOT}etc/xml/catalog"
-
-		# we dont want to clobber an existing catalog though,
-		# only ensure that one is there
-		# <obz@gentoo.org>
-		if [[ ! -e ${CATALOG} ]]; then
-			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
-			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
-			einfo "Created XML catalog in ${CATALOG}"
-		fi
-	fi
-}
-
-libxml2_py_emake() {
-	pushd "${BUILD_DIR}/python" > /dev/null || die
-	emake "$@"
-	popd > /dev/null
-}

diff --git a/dev-libs/libxml2/libxml2-2.9.3.ebuild b/dev-libs/libxml2/libxml2-2.9.3.ebuild
deleted file mode 100644
index dd738fc..00000000
--- a/dev-libs/libxml2/libxml2-2.9.3.ebuild
+++ /dev/null
@@ -1,215 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 python3_{4,5} )
-PYTHON_REQ_USE="xml"
-
-inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
-
-DESCRIPTION="Version 2 of the library to manipulate XML files"
-HOMEPAGE="http://www.xmlsoft.org/"
-
-LICENSE="MIT"
-SLOT="2"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="debug examples icu ipv6 lzma python readline static-libs test"
-
-XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
-XSTS_NAME_1="xmlschema2002-01-16"
-XSTS_NAME_2="xmlschema2004-01-14"
-XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
-XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
-XMLCONF_TARBALL="xmlts20080827.tar.gz"
-
-SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
-	test? (
-		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
-		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
-		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
-
-RDEPEND="
-	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
-	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-"
-DEPEND="${EDEPEND}
-	dev-util/gtk-doc-am
-	virtual/pkgconfig
-	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
-"
-
-S="${WORKDIR}/${PN}-${PV%_rc*}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/xml2-config
-)
-
-src_unpack() {
-	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
-	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
-	unpack ${P/_rc/-rc}.tar.gz
-	cd "${S}"
-
-	if use test; then
-		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
-			"${DISTDIR}/${XSTS_TARBALL_2}" \
-			"${S}"/xstc/ \
-			|| die "Failed to install test tarballs"
-		unpack ${XMLCONF_TARBALL}
-	fi
-}
-
-src_prepare() {
-	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
-
-	# Patches needed for prefix support
-	epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
-
-	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
-
-	# Fix build for Windows platform
-	# https://bugzilla.gnome.org/show_bug.cgi?id=760456
-	epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
-
-	# Disable programs that we don't actually install.
-	# https://bugzilla.gnome.org/show_bug.cgi?id=760457
-	epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
-
-	# Fix zlib parameter handling for cross-compilation
-	# https://bugzilla.gnome.org/show_bug.cgi?id=749416
-	epatch "${FILESDIR}"/${PN}-2.9.2-cross-compile.patch
-
-	# Use pkgconfig to find icu to properly support multilib
-	# https://bugzilla.gnome.org/show_bug.cgi?id=738751
-	epatch "${FILESDIR}"/${PN}-2.9.2-icu-pkgconfig.patch
-
-	# Fix python detection, bug #567066
-	# https://bugzilla.gnome.org/show_bug.cgi?id=760458
-	epatch "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
-
-	# Please do not remove, as else we get references to PORTAGE_TMPDIR
-	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
-	# We now need to run eautoreconf at the end to prevent maintainer mode.
-#	elibtoolize
-#	epunt_cxx # if we don't eautoreconf
-
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# filter seemingly problematic CFLAGS (#26320)
-	filter-flags -fprefetch-loop-arrays -funroll-loops
-
-	# USE zlib support breaks gnome2
-	# (libgnomeprint for instance fails to compile with
-	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
-
-	# The meaning of the 'debug' USE flag does not apply to the --with-debug
-	# switch (enabling the libxml2 debug module). See bug #100898.
-
-	# --with-mem-debug causes unusual segmentation faults (bug #105120).
-
-	libxml2_configure() {
-		ECONF_SOURCE="${S}" econf \
-			--with-html-subdir=${PF}/html \
-			--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-			$(use_with debug run-debug) \
-			$(use_with icu) \
-			$(use_with lzma) \
-			$(use_enable ipv6) \
-			$(use_enable static-libs static) \
-			$(multilib_native_use_with readline) \
-			$(multilib_native_use_with readline history) \
-			"$@"
-	}
-
-	libxml2_py_configure() {
-		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
-		run_in_build_dir libxml2_configure "--with-python=${PYTHON}" # odd build system
-	}
-
-	libxml2_configure --without-python # build python bindings separately
-
-	if multilib_is_native_abi && use python; then
-		python_foreach_impl libxml2_py_configure
-	fi
-}
-
-multilib_src_compile() {
-	default
-	if multilib_is_native_abi && use python; then
-		local native_builddir=${BUILD_DIR}
-		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
-	fi
-}
-
-multilib_src_test() {
-	default
-	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" \
-		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
-
-	if multilib_is_native_abi && use python; then
-		python_foreach_impl libxml2_py_emake \
-			DESTDIR="${D}" \
-			docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
-			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
-			install
-		python_foreach_impl python_optimize
-	fi
-}
-
-multilib_src_install_all() {
-	# on windows, xmllint is installed by interix libxml2 in parent prefix.
-	# this is the version to use. the native winnt version does not support
-	# symlinks, which makes repoman fail if the portage tree is linked in
-	# from another location (which is my default). -- mduft
-	if [[ ${CHOST} == *-winnt* ]]; then
-		rm -rf "${ED}"/usr/bin/xmllint
-		rm -rf "${ED}"/usr/bin/xmlcatalog
-	fi
-
-	rm -rf "${ED}"/usr/share/doc/${P}
-	einstalldocs
-
-	if ! use examples; then
-		rm -rf "${ED}"/usr/share/doc/${PF}/examples
-		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
-	fi
-
-	prune_libtool_files --modules
-}
-
-pkg_postinst() {
-	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
-	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
-	if [[ "${ROOT}" != "/" ]]; then
-		elog "Skipping XML catalog creation for stage building (bug #208887)."
-	else
-		# need an XML catalog, so no-one writes to a non-existent one
-		CATALOG="${EROOT}etc/xml/catalog"
-
-		# we dont want to clobber an existing catalog though,
-		# only ensure that one is there
-		# <obz@gentoo.org>
-		if [[ ! -e ${CATALOG} ]]; then
-			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
-			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
-			einfo "Created XML catalog in ${CATALOG}"
-		fi
-	fi
-}
-
-libxml2_py_emake() {
-	pushd "${BUILD_DIR}/python" > /dev/null || die
-	emake "$@"
-	popd > /dev/null
-}

diff --git a/dev-libs/libxml2/libxml2-2.9.4.ebuild b/dev-libs/libxml2/libxml2-2.9.4.ebuild
index 046131b..f52e586 100644
--- a/dev-libs/libxml2/libxml2-2.9.4.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -13,7 +13,7 @@ HOMEPAGE="http://www.xmlsoft.org/"
 
 LICENSE="MIT"
 SLOT="2"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="arm64 m68k s390 sh"
 IUSE="debug examples icu ipv6 lzma python readline static-libs test"
 
 XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Gilles Dartiguelongue]

commit:     96b2498a5a75539fcf0bf322db2634f278a416d5
Author:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  9 19:22:57 2015 +0000
Commit:     Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
CommitDate: Mon Nov  9 20:30:36 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96b2498a

dev-libs/libxml2: apply several security patches

Security bugs: #560524, #564240 and #564776.
Also fix incorrect lzma support, bug #530386 and fix handling of
documentation and examples with USE=python, bug #533324.

https://bugs.gentoo.org/show_bug.cgi?id=530386
https://bugs.gentoo.org/show_bug.cgi?id=533324
https://bugs.gentoo.org/show_bug.cgi?id=560524
https://bugs.gentoo.org/show_bug.cgi?id=564240
https://bugs.gentoo.org/show_bug.cgi?id=564776

Package-Manager: portage-2.2.23

 .../files/libxml2-2.9.2-cve-2015-7941-1.patch      |  32 +++
 .../files/libxml2-2.9.2-cve-2015-7941-2.patch      |  49 +++++
 .../files/libxml2-2.9.2-cve-2015-8035.patch        |  31 +++
 .../files/libxml2-2.9.2-disable-tests.patch        |   9 +
 .../libxml2/files/libxml2-2.9.2-fix-lzma.patch     | 114 ++++++++++
 ...ml2-2.9.2-overflow-conditional-sections-1.patch |  32 +++
 ...ml2-2.9.2-overflow-conditional-sections-2.patch |  28 +++
 .../files/libxml2-2.9.2-unclosed-comments.patch    |  65 ++++++
 dev-libs/libxml2/libxml2-2.9.2-r2.ebuild           | 229 +++++++++++++++++++++
 9 files changed, 589 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
new file mode 100644
index 0000000..8a6c98c
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
@@ -0,0 +1,32 @@
+From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:17:35 +0800
+Subject: [PATCH] Stop parsing on entities boundaries errors
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+There are times, like on unterminated entities that it's preferable to
+stop parsing, even if that means less error reporting. Entities are
+feeding the parser on further processing, and if they are ill defined
+then it's possible to get the parser to bug. Also do the same on
+Conditional Sections if the input is broken, as the structure of
+the document can't be guessed.
+---
+ parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/parser.c b/parser.c
+index a8d1b67..bbe97eb 100644
+--- a/parser.c
++++ b/parser.c
+@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
+ 	if (RAW != '>') {
+ 	    xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
+ 	            "xmlParseEntityDecl: entity %s not terminated\n", name);
++	    xmlStopParser(ctxt);
+ 	} else {
+ 	    if (input != ctxt->input) {
+ 		xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
+-- 
+2.4.10
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
new file mode 100644
index 0000000..df30c89
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
@@ -0,0 +1,49 @@
+From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: [PATCH] Cleanup conditional section error handling
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+---
+ parser.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index bbe97eb..fe603ac 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 	SKIP_BLANKS;
+ 	if (RAW != '[') {
+ 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++	    xmlStopParser(ctxt);
++	    return;
+ 	} else {
+ 	    if (ctxt->input->id != id) {
+ 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 	SKIP_BLANKS;
+ 	if (RAW != '[') {
+ 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++	    xmlStopParser(ctxt);
++	    return;
+ 	} else {
+ 	    if (ctxt->input->id != id) {
+ 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 
+     } else {
+ 	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
++	xmlStopParser(ctxt);
++	return;
+     }
+ 
+     if (RAW == 0)
+-- 
+2.4.10
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
new file mode 100644
index 0000000..f51863e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
@@ -0,0 +1,31 @@
+From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 3 Nov 2015 15:31:25 +0800
+Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=757466
+DoS when parsing specially crafted XML document if XZ support
+is compiled in (which wasn't the case for 2.9.2 and master since
+Nov 2013, fixed in next commit !)
+---
+ xzlib.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index 0dcb9f4..1fab546 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
+             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
+             return -1;
+         }
++        if (ret == LZMA_PROG_ERROR) {
++            xz_error(state, LZMA_PROG_ERROR, "compression error");
++            return -1;
++        }
+     } while (strm->avail_out && ret != LZMA_STREAM_END);
+ 
+     /* update available output and crc check value */
+-- 
+2.4.10
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
index 86d5995..a996bf6 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
@@ -20,6 +20,15 @@ do not build test programs as we don't install them
  testdso_la_SOURCES = testdso.c
  testdso_la_LDFLAGS = -module -no-undefined -avoid-version -rpath $(libdir)
  
+@@ -202,7 +202,7 @@ runxmlconf_LDADD= $(LDADDS)
+ #testOOM_DEPENDENCIES = $(DEPS)
+ #testOOM_LDADD= $(LDADDS)
+ 
+-runtests:
++runtests: check_PROGRAMS
+ 	[ -d test   ] || $(LN_S) $(srcdir)/test   .
+ 	[ -d result ] || $(LN_S) $(srcdir)/result .
+ 	$(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
 --- a/doc/examples/Makefile.am
 +++ b/doc/examples/Makefile.am
 @@ -13,7 +13,7 @@

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch b/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
new file mode 100644
index 0000000..e9b6da6
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
@@ -0,0 +1,114 @@
+From 18b8988511b0954272cac4d6c3e6724f9dbf6e0a Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 3 Nov 2015 15:46:29 +0800
+Subject: [PATCH] Reenable xz support by default
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=757466
+
+problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8
+for https://bugzilla.gnome.org/show_bug.cgi?id=711026
+---
+ configure.ac |  3 +++
+ xmlIO.c      | 12 ++++++------
+ xzlib.c      |  6 ++++--
+ 3 files changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 14ac0a8..48e0577 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -445,6 +445,9 @@ else
+                 fi],
+                 [have_liblzma=no])
+ 	     LDFLAGS="${SAVE_LDFLAGS}"])
++    else
++	# we still need to check for lzma,h header
++	AC_CHECK_HEADERS([lzma.h])
+     fi
+ 
+     # Found the library via either method?
+diff --git a/xmlIO.c b/xmlIO.c
+index e628ab0..8b13184 100644
+--- a/xmlIO.c
++++ b/xmlIO.c
+@@ -1334,7 +1334,7 @@ xmlGzfileClose (void * context) {
+ }
+ #endif /* HAVE_ZLIB_H */
+ 
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ /************************************************************************
+  *									*
+  *		I/O for compressed file accesses			*
+@@ -1451,7 +1451,7 @@ xmlXzfileClose (void * context) {
+     if (ret < 0) xmlIOErr(0, "xzclose()");
+     return(ret);
+ }
+-#endif /* HAVE_LZMA_H */
++#endif /* LIBXML_LZMA_ENABLED */
+ 
+ #ifdef LIBXML_HTTP_ENABLED
+ /************************************************************************
+@@ -2328,10 +2328,10 @@ xmlRegisterDefaultInputCallbacks(void) {
+     xmlRegisterInputCallbacks(xmlGzfileMatch, xmlGzfileOpen,
+ 	                      xmlGzfileRead, xmlGzfileClose);
+ #endif /* HAVE_ZLIB_H */
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+     xmlRegisterInputCallbacks(xmlXzfileMatch, xmlXzfileOpen,
+ 	                      xmlXzfileRead, xmlXzfileClose);
+-#endif /* HAVE_ZLIB_H */
++#endif /* LIBXML_LZMA_ENABLED */
+ 
+ #ifdef LIBXML_HTTP_ENABLED
+     xmlRegisterInputCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
+@@ -2683,7 +2683,7 @@ __xmlParserInputBufferCreateFilename(const char *URI, xmlCharEncoding enc) {
+ #endif
+ 	}
+ #endif
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ 	if ((xmlInputCallbackTable[i].opencallback == xmlXzfileOpen) &&
+ 		(strcmp(URI, "-") != 0)) {
+             ret->compressed = __libxml2_xzcompressed(context);
+@@ -3350,7 +3350,7 @@ xmlParserInputBufferGrow(xmlParserInputBufferPtr in, int len) {
+      * try to establish compressed status of input if not done already
+      */
+     if (in->compressed == -1) {
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ 	if (in->readcallback == xmlXzfileRead)
+             in->compressed = __libxml2_xzcompressed(in->context);
+ #endif
+diff --git a/xzlib.c b/xzlib.c
+index 1fab546..782957f 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -8,7 +8,7 @@
+  */
+ #define IN_LIBXML
+ #include "libxml.h"
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ 
+ #include <string.h>
+ #ifdef HAVE_ERRNO_H
+@@ -34,7 +34,9 @@
+ #ifdef HAVE_ZLIB_H
+ #include <zlib.h>
+ #endif
++#ifdef HAVE_LZMA_H
+ #include <lzma.h>
++#endif
+ 
+ #include "xzlib.h"
+ #include <libxml/xmlmemory.h>
+@@ -799,4 +801,4 @@ __libxml2_xzclose(xzFile file)
+     xmlFree(state);
+     return ret ? ret : LZMA_OK;
+ }
+-#endif /* HAVE_LZMA_H */
++#endif /* LIBXML_LZMA_ENABLED */
+-- 
+2.4.10
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
new file mode 100644
index 0000000..bb0766a
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
@@ -0,0 +1,32 @@
+From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 23 Oct 2015 19:02:28 +0800
+Subject: Another variation of overflow in Conditional sections
+
+Which happen after the previous fix to
+https://bugzilla.gnome.org/show_bug.cgi?id=756456
+
+But stopping the parser and exiting we didn't pop the intermediary entities
+and doing the SKIP there applies on an input which may be too small
+---
+ parser.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index a65e4cc..b9217ff 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 	"All markup of the conditional section is not in the same entity\n",
+ 				 NULL, NULL);
+ 	}
+-        SKIP(3);
++	if ((ctxt-> instate != XML_PARSER_EOF) &&
++	    ((ctxt->input->cur + 3) < ctxt->input->end))
++	    SKIP(3);
+     }
+ }
+ 
+-- 
+cgit v0.11.2
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
new file mode 100644
index 0000000..1a059fe
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
@@ -0,0 +1,28 @@
+From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 27 Oct 2015 10:53:44 +0800
+Subject: Fix an error in previous Conditional section patch
+
+an off by one mistake in the change, led to error on correct
+document where the end of the included entity was exactly
+the end of the conditional section, leading to regtest failure
+---
+ parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index b9217ff..d67b300 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6916,7 +6916,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 				 NULL, NULL);
+ 	}
+ 	if ((ctxt-> instate != XML_PARSER_EOF) &&
+-	    ((ctxt->input->cur + 3) < ctxt->input->end))
++	    ((ctxt->input->cur + 3) <= ctxt->input->end))
+ 	    SKIP(3);
+     }
+ }
+-- 
+cgit v0.11.2
+

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch b/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
new file mode 100644
index 0000000..bd4e482
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
@@ -0,0 +1,65 @@
+From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 30 Oct 2015 21:14:55 +0800
+Subject: Fix parsing short unclosed comment uninitialized access
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=746048
+The HTML parser was too optimistic when processing comments and
+didn't check for the end of the stream on the first 2 characters
+---
+ HTMLparser.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index 19c10c3..bdf7807 100644
+--- a/HTMLparser.c
++++ b/HTMLparser.c
+@@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
+ 	ctxt->instate = state;
+ 	return;
+     }
++    len = 0;
++    buf[len] = 0;
+     q = CUR_CHAR(ql);
++    if (!IS_CHAR(q))
++        goto unfinished;
+     NEXTL(ql);
+     r = CUR_CHAR(rl);
++    if (!IS_CHAR(r))
++        goto unfinished;
+     NEXTL(rl);
+     cur = CUR_CHAR(l);
+-    len = 0;
+     while (IS_CHAR(cur) &&
+            ((cur != '>') ||
+ 	    (r != '-') || (q != '-'))) {
+@@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
+ 	}
+     }
+     buf[len] = 0;
+-    if (!IS_CHAR(cur)) {
+-	htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+-	             "Comment not terminated \n<!--%.50s\n", buf, NULL);
+-	xmlFree(buf);
+-    } else {
++    if (IS_CHAR(cur)) {
+         NEXT;
+ 	if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
+ 	    (!ctxt->disableSAX))
+ 	    ctxt->sax->comment(ctxt->userData, buf);
+ 	xmlFree(buf);
++	ctxt->instate = state;
++	return;
+     }
+-    ctxt->instate = state;
++
++unfinished:
++    htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
++		 "Comment not terminated \n<!--%.50s\n", buf, NULL);
++    xmlFree(buf);
+ }
+ 
+ /**
+-- 
+cgit v0.11.2
+

diff --git a/dev-libs/libxml2/libxml2-2.9.2-r2.ebuild b/dev-libs/libxml2/libxml2-2.9.2-r2.ebuild
new file mode 100644
index 0000000..5501fca
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.2-r2.ebuild
@@ -0,0 +1,229 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_{3,4,5} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+	test? (
+		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+COMMON_DEPEND="
+	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+"
+RDEPEND="${COMMON_DEPEND}
+	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r6
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
+"
+DEPEND="${COMMON_DEPEND}
+	dev-util/gtk-doc-am
+	virtual/pkgconfig
+	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/xml2-config
+)
+
+src_unpack() {
+	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
+	unpack ${P/_rc/-rc}.tar.gz
+	cd "${S}"
+
+	if use test; then
+		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+			"${DISTDIR}/${XSTS_TARBALL_2}" \
+			"${S}"/xstc/ \
+			|| die "Failed to install test tarballs"
+		unpack ${XMLCONF_TARBALL}
+	fi
+}
+
+src_prepare() {
+	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+	# Patches needed for prefix support
+	epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+	# Fix build for Windows platform
+	epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+	# Disable programs that we don't actually install.
+	epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+	# Fix zlib parameter handling for cross-compilation
+	# https://bugzilla.gnome.org/show_bug.cgi?id=749416
+	epatch "${FILESDIR}"/${PN}-2.9.2-cross-compile.patch
+
+	# Use pkgconfig to find icu to properly support multilib
+	# https://bugs.gentoo.org/show_bug.cgi?id=738751
+	epatch "${FILESDIR}"/${PN}-2.9.2-icu-pkgconfig.patch
+
+	# Important patches from master
+	epatch \
+		"${FILESDIR}"/${PN}-2.9.2-revert-missing-initialization.patch \
+		"${FILESDIR}"/${PN}-2.9.2-missing-entities.patch \
+		"${FILESDIR}"/${PN}-2.9.2-threads-declarations.patch \
+		"${FILESDIR}"/${PN}-2.9.2-timsort.patch \
+		"${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-1.patch \
+		"${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-2.patch \
+		"${FILESDIR}"/${PN}-2.9.2-constant-memory.patch \
+		"${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-1.patch	\
+		"${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-2.patch	\
+		"${FILESDIR}"/${PN}-2.9.2-unclosed-comments.patch \
+		"${FILESDIR}"/${PN}-2.9.2-cve-2015-8035.patch \
+		"${FILESDIR}"/${PN}-2.9.2-fix-lzma.patch
+
+	# Please do not remove, as else we get references to PORTAGE_TMPDIR
+	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+	# We now need to run eautoreconf at the end to prevent maintainer mode.
+#	elibtoolize
+#	epunt_cxx # if we don't eautoreconf
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# filter seemingly problematic CFLAGS (#26320)
+	filter-flags -fprefetch-loop-arrays -funroll-loops
+
+	# USE zlib support breaks gnome2
+	# (libgnomeprint for instance fails to compile with
+	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+	# The meaning of the 'debug' USE flag does not apply to the --with-debug
+	# switch (enabling the libxml2 debug module). See bug #100898.
+
+	# --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+	libxml2_configure() {
+		ECONF_SOURCE="${S}" econf \
+			--with-html-subdir=${PF}/html \
+			--docdir="${EPREFIX}/usr/share/doc/${PF}" \
+			$(use_with debug run-debug) \
+			$(use_with icu) \
+			$(use_with lzma) \
+			$(use_enable ipv6) \
+			$(use_enable static-libs static) \
+			$(multilib_native_use_with readline) \
+			$(multilib_native_use_with readline history) \
+			"$@"
+	}
+
+	libxml2_py_configure() {
+		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+		run_in_build_dir libxml2_configure "--with-python=${PYTHON}" # odd build system
+	}
+
+	libxml2_configure --without-python # build python bindings separately
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_configure
+	fi
+}
+
+multilib_src_compile() {
+	default
+	if multilib_is_native_abi && use python; then
+		local native_builddir=${BUILD_DIR}
+		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+	fi
+}
+
+multilib_src_test() {
+	default
+	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" \
+		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_emake \
+			DESTDIR="${D}" \
+			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples
+		python_foreach_impl python_optimize
+	fi
+}
+
+multilib_src_install_all() {
+	# on windows, xmllint is installed by interix libxml2 in parent prefix.
+	# this is the version to use. the native winnt version does not support
+	# symlinks, which makes repoman fail if the portage tree is linked in
+	# from another location (which is my default). -- mduft
+	if [[ ${CHOST} == *-winnt* ]]; then
+		rm -rf "${ED}"/usr/bin/xmllint
+		rm -rf "${ED}"/usr/bin/xmlcatalog
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/${P}
+	einstalldocs
+
+	if use python ; then
+		docinto python
+		dodoc "${S}"/python/TODO
+	fi
+
+	if ! use examples; then
+		rm -rf "${ED}"/usr/share/doc/${PF}/examples
+		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+	if [[ "${ROOT}" != "/" ]]; then
+		elog "Skipping XML catalog creation for stage building (bug #208887)."
+	else
+		# need an XML catalog, so no-one writes to a non-existent one
+		CATALOG="${EROOT}etc/xml/catalog"
+
+		# we dont want to clobber an existing catalog though,
+		# only ensure that one is there
+		# <obz@gentoo.org>
+		if [[ ! -e ${CATALOG} ]]; then
+			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+			einfo "Created XML catalog in ${CATALOG}"
+		fi
+	fi
+}
+
+libxml2_py_emake() {
+	pushd "${BUILD_DIR}/python" > /dev/null || die
+	emake "$@"
+	popd > /dev/null
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/

[Mike Frysinger]

commit:     c0e9a7cf42c7bf4abae02b2ee0441244e01de9f6
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 31 01:41:22 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Oct 31 01:41:22 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0e9a7cf

dev-libs/libxml2: disable building of useless programs

These aren't used during build or install, so disable them.

 .../files/libxml2-2.9.2-disable-tests.patch        | 59 ++++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.9.2-r1.ebuild           |  3 ++
 2 files changed, 62 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
new file mode 100644
index 0000000..86d5995
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
@@ -0,0 +1,59 @@
+do not build test programs as we don't install them
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,7 +10,7 @@
+ 
+ AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS) $(LZMA_CFLAGS)
+ 
+-noinst_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
++check_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
+                 testThreads testC14N testAutomata testRegexp \
+                 testReader testapi testModule runtest runsuite testchar \
+ 		testdict runxmlconf testrecurse testlimits
+@@ -170,7 +170,7 @@
+ testModule_DEPENDENCIES = $(DEPS)
+ testModule_LDADD= $(LDADDS)
+ 
+-noinst_LTLIBRARIES = testdso.la
++check_LTLIBRARIES = testdso.la
+ testdso_la_SOURCES = testdso.c
+ testdso_la_LDFLAGS = -module -no-undefined -avoid-version -rpath $(libdir)
+ 
+--- a/doc/examples/Makefile.am
++++ b/doc/examples/Makefile.am
+@@ -13,7 +13,7 @@
+ rebuild: examples.xml index.html
+ .PHONY: rebuild
+ 
+-examples.xml: index.py $(noinst_PROGRAMS:=.c)
++examples.xml: index.py $(check_PROGRAMS:=.c)
+ 	cd $(srcdir) && $(PYTHON) index.py
+ 	$(MAKE) Makefile
+ 
+@@ -49,7 +49,7 @@
+ 	xpath1.res \
+ 	xpath2.res
+ 
+-noinst_PROGRAMS = \
++check_PROGRAMS = \
+ 	io1 \
+ 	io2 \
+ 	parse1 \
+@@ -99,7 +99,7 @@
+ valgrind: 
+ 	$(MAKE) CHECKER='valgrind' tests
+ 
+-tests: $(noinst_PROGRAMS)
++tests: $(check_PROGRAMS)
+ 	test -f Makefile.am || test -f test1.xml || $(LN_S) $(srcdir)/test?.xml .
+ 	@(echo '## examples regression tests')
+ 	@(echo > .memdump)
+--- a/example/Makefile.am
++++ b/example/Makefile.am
+@@ -1,4 +1,4 @@
+-noinst_PROGRAMS	= gjobread
++check_PROGRAMS	= gjobread
+ 
+ AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/include
+ AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS)

diff --git a/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild
index a03df24..99c6b6c 100644
--- a/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild
@@ -75,6 +75,9 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
 	epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
 
+	# Disable programs that we don't actually install.
+	epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
 	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
 
 #	epunt_cxx # if we don't eautoreconf