[Buildroot] [git commit] libxml2: security bump to version 2.9.3

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Sun Nov 22 12:44:47 UTC 2015


commit: http://git.buildroot.net/buildroot/commit/?id=08e08586b579d8a339ed6f1e3da01676fa3a7010
branch: http://git.buildroot.net/buildroot/commit/?id=refs/heads/master

- Fixes:
  - CVE-2015-5312 - Another entity expansion issue
  - CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey
  - CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries
  - CVE-2015-8242 - Buffer overead with HTML parser in push mode

- Incorporates upstreamed patches as well, which also fixed:
  - CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause
    a denial of service (memory consumption) via crafted XML data, related
    to an XML Entity Expansion (XEE) attack.
  - CVE-2015-7941 - out-of-bounds memory access.
  - CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections.
  - CVE-2015-8035 - DoS via crafted xz file.

Signed-off-by: Danomi Manchego <danomimanchego123 at gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
---
 ...onfig.cmake.in-update-include-directories.patch |   28 ---
 ...s-use-forward-declarations-only-for-glibc.patch |   52 ------
 package/libxml2/0003-fix-CVE-2015-1819.patch       |  178 --------------------
 package/libxml2/0004-fix-CVE-2015-7941-1.patch     |   34 ----
 package/libxml2/0005-fix-CVE-2015-7941-2.patch     |   51 ------
 package/libxml2/0006-fix-CVE-2015-7942-1.patch     |   34 ----
 package/libxml2/0007-fix-CVE-2015-7942-2.patch     |   30 ----
 package/libxml2/0008-fix-CVE-2015-8035.patch       |   33 ----
 package/libxml2/libxml2.hash                       |    2 +-
 package/libxml2/libxml2.mk                         |    2 +-
 10 files changed, 2 insertions(+), 442 deletions(-)

diff --git a/package/libxml2/0001-libxml2-config.cmake.in-update-include-directories.patch b/package/libxml2/0001-libxml2-config.cmake.in-update-include-directories.patch
deleted file mode 100644
index 589c8d6..0000000
--- a/package/libxml2/0001-libxml2-config.cmake.in-update-include-directories.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From dd6125f4b58fe7bc270e51bc3fcf41cd228d22fc Mon Sep 17 00:00:00 2001
-From: Samuel Martin <s.martin49 at gmail.com>
-Date: Mon, 29 Dec 2014 20:40:18 +0100
-Subject: [PATCH] libxml2-config.cmake.in: update include directories
-
-Align the include directories on those from the pkg-config module.
-
-Signed-off-by: Samuel Martin <s.martin49 at gmail.com>
----
- libxml2-config.cmake.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libxml2-config.cmake.in b/libxml2-config.cmake.in
-index ac29329..6b16fc2 100644
---- a/libxml2-config.cmake.in
-+++ b/libxml2-config.cmake.in
-@@ -21,7 +21,7 @@ set(LIBXML2_VERSION_MINOR  @LIBXML_MINOR_VERSION@)
- set(LIBXML2_VERSION_MICRO  @LIBXML_MICRO_VERSION@)
- set(LIBXML2_VERSION_STRING "@VERSION@")
- set(LIBXML2_INSTALL_PREFIX ${_libxml2_rootdir})
--set(LIBXML2_INCLUDE_DIRS   ${_libxml2_rootdir}/include)
-+set(LIBXML2_INCLUDE_DIRS   ${_libxml2_rootdir}/include ${_libxml2_rootdir}/include/libxml2)
- set(LIBXML2_LIBRARY_DIR    ${_libxml2_rootdir}/lib)
- set(LIBXML2_LIBRARIES      -L${LIBXML2_LIBRARY_DIR} -lxml2)
- 
--- 
-2.2.1
-
diff --git a/package/libxml2/0002-threads-use-forward-declarations-only-for-glibc.patch b/package/libxml2/0002-threads-use-forward-declarations-only-for-glibc.patch
deleted file mode 100644
index 4123306..0000000
--- a/package/libxml2/0002-threads-use-forward-declarations-only-for-glibc.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-Fix musl compile
-
-Downloaded from upstream commit
-https://git.gnome.org/browse/libxml2/commit/?id=fff8a6b87e05200a0ad0af6f86c2e859c7de9172
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
----
-From fff8a6b87e05200a0ad0af6f86c2e859c7de9172 Mon Sep 17 00:00:00 2001
-From: Michael Heimpold <mhei at heimpold.de>
-Date: Mon, 22 Dec 2014 11:12:12 +0800
-Subject: threads: use forward declarations only for glibc
-
-Fixes bug #704908
-
-The declarations of pthread functions, used to generate weak references
-to them, fail to suppress macros. Thus, if any pthread function has
-been provided as a macro, compiling threads.c will fail.
-This breaks on musl libc, which defines pthread_equal as a macro (in
-addition to providing the function, as required).
-
-Prevent the declarations for e.g. musl libc by refining the condition.
-
-The idea for this solution was borrowed from the alpine linux guys, see
-http://git.alpinelinux.org/cgit/aports/tree/main/libxml2/libxml2-pthread.patch
-
-Signed-off-by: Michael Heimpold <mhei at heimpold.de>
-
-diff --git a/threads.c b/threads.c
-index 8921204..78006a2 100644
---- a/threads.c
-+++ b/threads.c
-@@ -47,7 +47,7 @@
- #ifdef HAVE_PTHREAD_H
- 
- static int libxml_is_threaded = -1;
--#ifdef __GNUC__
-+#if defined(__GNUC__) && defined(__GLIBC__)
- #ifdef linux
- #if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || (__GNUC__ > 3)
- extern int pthread_once (pthread_once_t *__once_control,
-@@ -89,7 +89,7 @@ extern int pthread_cond_signal ()
- 	   __attribute((weak));
- #endif
- #endif /* linux */
--#endif /* __GNUC__ */
-+#endif /* defined(__GNUC__) && defined(__GLIBC__) */
- #endif /* HAVE_PTHREAD_H */
- 
- /*
--- 
-cgit v0.10.2
-
diff --git a/package/libxml2/0003-fix-CVE-2015-1819.patch b/package/libxml2/0003-fix-CVE-2015-1819.patch
deleted file mode 100644
index 12569c4..0000000
--- a/package/libxml2/0003-fix-CVE-2015-1819.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Tue, 14 Apr 2015 17:41:48 +0800
-Subject: CVE-2015-1819 Enforce the reader to run in constant memory
-
-One of the operation on the reader could resolve entities
-leading to the classic expansion issue. Make sure the
-buffer used for xmlreader operation is bounded.
-Introduce a new allocation type for the buffers for this effect.
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
----
- buf.c                 | 43 ++++++++++++++++++++++++++++++++++++++++++-
- include/libxml/tree.h |  3 ++-
- xmlreader.c           | 20 +++++++++++++++++++-
- 3 files changed, 63 insertions(+), 3 deletions(-)
-
-diff --git a/buf.c b/buf.c
-index 6efc7b6..07922ff 100644
---- a/buf.c
-+++ b/buf.c
-@@ -27,6 +27,7 @@
- #include <libxml/tree.h>
- #include <libxml/globals.h>
- #include <libxml/tree.h>
-+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
- #include "buf.h"
- 
- #define WITH_BUFFER_COMPAT
-@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
-     if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
-         (scheme == XML_BUFFER_ALLOC_EXACT) ||
-         (scheme == XML_BUFFER_ALLOC_HYBRID) ||
--        (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
-+        (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
-+	(scheme == XML_BUFFER_ALLOC_BOUNDED)) {
- 	buf->alloc = scheme;
-         if (buf->buffer)
-             buf->buffer->alloc = scheme;
-@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
-     size = buf->use + len + 100;
- #endif
- 
-+    if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+        /*
-+	 * Used to provide parsing limits
-+	 */
-+        if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
-+	    (buf->size >= XML_MAX_TEXT_LENGTH)) {
-+	    xmlBufMemoryError(buf, "buffer error: text too long\n");
-+	    return(0);
-+	}
-+	if (size >= XML_MAX_TEXT_LENGTH)
-+	    size = XML_MAX_TEXT_LENGTH;
-+    }
-     if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
-         size_t start_buf = buf->content - buf->contentIO;
- 
-@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
-     CHECK_COMPAT(buf)
- 
-     if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
-+    if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+        /*
-+	 * Used to provide parsing limits
-+	 */
-+        if (size >= XML_MAX_TEXT_LENGTH) {
-+	    xmlBufMemoryError(buf, "buffer error: text too long\n");
-+	    return(0);
-+	}
-+    }
- 
-     /* Don't resize if we don't have to */
-     if (size < buf->size)
-@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
- 
-     needSize = buf->use + len + 2;
-     if (needSize > buf->size){
-+	if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+	    /*
-+	     * Used to provide parsing limits
-+	     */
-+	    if (needSize >= XML_MAX_TEXT_LENGTH) {
-+		xmlBufMemoryError(buf, "buffer error: text too long\n");
-+		return(-1);
-+	    }
-+	}
-         if (!xmlBufResize(buf, needSize)){
- 	    xmlBufMemoryError(buf, "growing buffer");
-             return XML_ERR_NO_MEMORY;
-@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
-     }
-     needSize = buf->use + len + 2;
-     if (needSize > buf->size){
-+	if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+	    /*
-+	     * Used to provide parsing limits
-+	     */
-+	    if (needSize >= XML_MAX_TEXT_LENGTH) {
-+		xmlBufMemoryError(buf, "buffer error: text too long\n");
-+		return(-1);
-+	    }
-+	}
-         if (!xmlBufResize(buf, needSize)){
- 	    xmlBufMemoryError(buf, "growing buffer");
-             return XML_ERR_NO_MEMORY;
-diff --git a/include/libxml/tree.h b/include/libxml/tree.h
-index 2f90717..4a9b3bc 100644
---- a/include/libxml/tree.h
-+++ b/include/libxml/tree.h
-@@ -76,7 +76,8 @@ typedef enum {
-     XML_BUFFER_ALLOC_EXACT,	/* grow only to the minimal size */
-     XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
-     XML_BUFFER_ALLOC_IO,	/* special allocation scheme used for I/O */
--    XML_BUFFER_ALLOC_HYBRID	/* exact up to a threshold, and doubleit thereafter */
-+    XML_BUFFER_ALLOC_HYBRID,	/* exact up to a threshold, and doubleit thereafter */
-+    XML_BUFFER_ALLOC_BOUNDED	/* limit the upper size of the buffer */
- } xmlBufferAllocationScheme;
- 
- /**
-diff --git a/xmlreader.c b/xmlreader.c
-index f19e123..471e7e2 100644
---- a/xmlreader.c
-+++ b/xmlreader.c
-@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) {
- 		"xmlNewTextReader : malloc failed\n");
- 	return(NULL);
-     }
-+    /* no operation on a reader should require a huge buffer */
-+    xmlBufSetAllocationScheme(ret->buffer,
-+			      XML_BUFFER_ALLOC_BOUNDED);
-     ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
-     if (ret->sax == NULL) {
- 	xmlBufFree(ret->buffer);
-@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
- 	    return(((xmlNsPtr) node)->href);
-         case XML_ATTRIBUTE_NODE:{
- 	    xmlAttrPtr attr = (xmlAttrPtr) node;
-+	    const xmlChar *ret;
- 
- 	    if ((attr->children != NULL) &&
- 	        (attr->children->type == XML_TEXT_NODE) &&
-@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
-                                         "xmlTextReaderSetup : malloc failed\n");
-                         return (NULL);
-                     }
-+		    xmlBufSetAllocationScheme(reader->buffer,
-+		                              XML_BUFFER_ALLOC_BOUNDED);
-                 } else
-                     xmlBufEmpty(reader->buffer);
- 	        xmlBufGetNodeContent(reader->buffer, node);
--		return(xmlBufContent(reader->buffer));
-+		ret = xmlBufContent(reader->buffer);
-+		if (ret == NULL) {
-+		    /* error on the buffer best to reallocate */
-+		    xmlBufFree(reader->buffer);
-+		    reader->buffer = xmlBufCreateSize(100);
-+		    xmlBufSetAllocationScheme(reader->buffer,
-+		                              XML_BUFFER_ALLOC_BOUNDED);
-+		    ret = BAD_CAST "";
-+		}
-+		return(ret);
- 	    }
- 	    break;
- 	}
-@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader,
-                         "xmlTextReaderSetup : malloc failed\n");
-         return (-1);
-     }
-+    /* no operation on a reader should require a huge buffer */
-+    xmlBufSetAllocationScheme(reader->buffer,
-+			      XML_BUFFER_ALLOC_BOUNDED);
-     if (reader->sax == NULL)
- 	reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
-     if (reader->sax == NULL) {
--- 
-cgit v0.11.2
-
diff --git a/package/libxml2/0004-fix-CVE-2015-7941-1.patch b/package/libxml2/0004-fix-CVE-2015-7941-1.patch
deleted file mode 100644
index db41082..0000000
--- a/package/libxml2/0004-fix-CVE-2015-7941-1.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Mon, 23 Feb 2015 11:17:35 +0800
-Subject: Stop parsing on entities boundaries errors
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-There are times, like on unterminated entities that it's preferable to
-stop parsing, even if that means less error reporting. Entities are
-feeding the parser on further processing, and if they are ill defined
-then it's possible to get the parser to bug. Also do the same on
-Conditional Sections if the input is broken, as the structure of
-the document can't be guessed.
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
----
- parser.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/parser.c b/parser.c
-index a8d1b67..bbe97eb 100644
---- a/parser.c
-+++ b/parser.c
-@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
- 	if (RAW != '>') {
- 	    xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
- 	            "xmlParseEntityDecl: entity %s not terminated\n", name);
-+	    xmlStopParser(ctxt);
- 	} else {
- 	    if (input != ctxt->input) {
- 		xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
--- 
-cgit v0.11.2
-
diff --git a/package/libxml2/0005-fix-CVE-2015-7941-2.patch b/package/libxml2/0005-fix-CVE-2015-7941-2.patch
deleted file mode 100644
index 9556277..0000000
--- a/package/libxml2/0005-fix-CVE-2015-7941-2.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Mon, 23 Feb 2015 11:29:20 +0800
-Subject: Cleanup conditional section error handling
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-The error handling of Conditional Section also need to be
-straightened as the structure of the document can't be
-guessed on a failure there and it's better to stop parsing
-as further errors are likely to be irrelevant.
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
----
- parser.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index bbe97eb..fe603ac 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 	SKIP_BLANKS;
- 	if (RAW != '[') {
- 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+	    xmlStopParser(ctxt);
-+	    return;
- 	} else {
- 	    if (ctxt->input->id != id) {
- 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 	SKIP_BLANKS;
- 	if (RAW != '[') {
- 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+	    xmlStopParser(ctxt);
-+	    return;
- 	} else {
- 	    if (ctxt->input->id != id) {
- 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 
-     } else {
- 	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
-+	xmlStopParser(ctxt);
-+	return;
-     }
- 
-     if (RAW == 0)
--- 
-cgit v0.11.2
-
diff --git a/package/libxml2/0006-fix-CVE-2015-7942-1.patch b/package/libxml2/0006-fix-CVE-2015-7942-1.patch
deleted file mode 100644
index 9dbc623..0000000
--- a/package/libxml2/0006-fix-CVE-2015-7942-1.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Fri, 23 Oct 2015 19:02:28 +0800
-Subject: Another variation of overflow in Conditional sections
-
-Which happen after the previous fix to
-https://bugzilla.gnome.org/show_bug.cgi?id=756456
-
-But stopping the parser and exiting we didn't pop the intermediary entities
-and doing the SKIP there applies on an input which may be too small
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
----
- parser.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index a65e4cc..b9217ff 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 	"All markup of the conditional section is not in the same entity\n",
- 				 NULL, NULL);
- 	}
--        SKIP(3);
-+	if ((ctxt-> instate != XML_PARSER_EOF) &&
-+	    ((ctxt->input->cur + 3) < ctxt->input->end))
-+	    SKIP(3);
-     }
- }
- 
--- 
-cgit v0.11.2
-
diff --git a/package/libxml2/0007-fix-CVE-2015-7942-2.patch b/package/libxml2/0007-fix-CVE-2015-7942-2.patch
deleted file mode 100644
index 59bf89e..0000000
--- a/package/libxml2/0007-fix-CVE-2015-7942-2.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Tue, 27 Oct 2015 10:53:44 +0800
-Subject: Fix an error in previous Conditional section patch
-
-an off by one mistake in the change, led to error on correct
-document where the end of the included entity was exactly
-the end of the conditional section, leading to regtest failure
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
----
- parser.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index b9217ff..d67b300 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6916,7 +6916,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 				 NULL, NULL);
- 	}
- 	if ((ctxt-> instate != XML_PARSER_EOF) &&
--	    ((ctxt->input->cur + 3) < ctxt->input->end))
-+	    ((ctxt->input->cur + 3) <= ctxt->input->end))
- 	    SKIP(3);
-     }
- }
--- 
-cgit v0.11.2
-
diff --git a/package/libxml2/0008-fix-CVE-2015-8035.patch b/package/libxml2/0008-fix-CVE-2015-8035.patch
deleted file mode 100644
index 6673f3e..0000000
--- a/package/libxml2/0008-fix-CVE-2015-8035.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Tue, 3 Nov 2015 15:31:25 +0800
-Subject: CVE-2015-8035 Fix XZ compression support loop
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=757466
-DoS when parsing specially crafted XML document if XZ support
-is compiled in (which wasn't the case for 2.9.2 and master since
-Nov 2013, fixed in next commit !)
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
----
- xzlib.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index 0dcb9f4..1fab546 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
-             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
-             return -1;
-         }
-+        if (ret == LZMA_PROG_ERROR) {
-+            xz_error(state, LZMA_PROG_ERROR, "compression error");
-+            return -1;
-+        }
-     } while (strm->avail_out && ret != LZMA_STREAM_END);
- 
-     /* update available output and crc check value */
--- 
-cgit v0.11.2
-
diff --git a/package/libxml2/libxml2.hash b/package/libxml2/libxml2.hash
index 69f4fdc..00fbf43 100644
--- a/package/libxml2/libxml2.hash
+++ b/package/libxml2/libxml2.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc	libxml2-2.9.2.tar.gz
+sha256	4de9e31f46b44d34871c22f54bfc54398ef124d6f7cafb1f4a5958fbcd3ba12d	libxml2-2.9.3.tar.gz
diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk
index e5832b2..acfe59f 100644
--- a/package/libxml2/libxml2.mk
+++ b/package/libxml2/libxml2.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBXML2_VERSION = 2.9.2
+LIBXML2_VERSION = 2.9.3
 LIBXML2_SITE = ftp://xmlsoft.org/libxml2
 LIBXML2_INSTALL_STAGING = YES
 LIBXML2_AUTORECONF = YES


More information about the buildroot mailing list