diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 29a8a0ca83051b05392ccef8c7ab558558e022e7..120fab4118ce563775a74f7275825f8ef5619fbc 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
-pkgver=2.9.8
-pkgrel=2
+pkgver=2.9.9
+pkgrel=0
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -14,9 +14,6 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils
py-$pkgname:_py py2-$pkgname:_py py3-$pkgname:_py"
options="!strip"
source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
- CVE-2018-9251-CVE-2018-14567.patch
- CVE-2018-14404.patch
- Length-related-XHTML-parsing-errors.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -111,7 +108,4 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="28903282c7672206effa1362fd564cbe4cf5be44264b083a7d14e383f73bccd1b81bcafb5f4f2f56f5e7e05914c660e27668c9ce91b1b9f256ef5358d55ba917 libxml2-2.9.8.tar.gz
-31f6cd6650b05cdd95455fd72927ef6b1f1d23ca4d8d5f776ee83277d670363dfe6bdd2c1330e8f9131212456dece2595b16868fc01f0ab750009b0a007eb513 CVE-2018-9251-CVE-2018-14567.patch
-c273b88d26e475e8a7f73e92ce9a77b1025f3704f11aa129c867e08424d32f1d7d81f4a2991d0cef28db4b8e122c6b356097be24b4651ef1b5a040a466bdcd13 CVE-2018-14404.patch
-939a7acd13014766b218d61256b7ac72279618f8831095f708f4713e080f45ab9d922846479d01f9995b8799bc24c38b5b73548968764d7315b6ffc9d3dc547a Length-related-XHTML-parsing-errors.patch"
+sha512sums="cb7784ba4e72e942614e12e4f83f4ceb275f3d738b30e3b5c1f25edf8e9fa6789e854685974eed95b362049dbf6c8e7357e0327d64c681ed390534ac154e6810 libxml2-2.9.9.tar.gz"
diff --git a/main/libxml2/CVE-2018-14404.patch b/main/libxml2/CVE-2018-14404.patch
deleted file mode 100644
index aa25662e9421d8f034b883cd4819100215d715b5..0000000000000000000000000000000000000000
--- a/main/libxml2/CVE-2018-14404.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 12:54:38 +0200
-Subject: [PATCH] Fix nullptr deref with XPath logic ops
-
-If the XPath stack is corrupted, for example by a misbehaving extension
-function, the "and" and "or" XPath operators could dereference NULL
-pointers. Check that the XPath stack isn't empty and optimize the
-logic operators slightly.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
-
-Also see
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
-https://bugzilla.redhat.com/show_bug.cgi?id=1595985
-
-This is CVE-2018-14404.
-
-Thanks to Guy Inbar for the report.
----
- xpath.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/xpath.c b/xpath.c
-index 3fae0bf4..5e3bb9ff 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- return(0);
- }
- xmlXPathBooleanFunction(ctxt, 1);
-- arg1 = valuePop(ctxt);
-- arg1->boolval &= arg2->boolval;
-- valuePush(ctxt, arg1);
-+ if (ctxt->value != NULL)
-+ ctxt->value->boolval &= arg2->boolval;
- xmlXPathReleaseObject(ctxt->context, arg2);
- return (total);
- case XPATH_OP_OR:
-@@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- return(0);
- }
- xmlXPathBooleanFunction(ctxt, 1);
-- arg1 = valuePop(ctxt);
-- arg1->boolval |= arg2->boolval;
-- valuePush(ctxt, arg1);
-+ if (ctxt->value != NULL)
-+ ctxt->value->boolval |= arg2->boolval;
- xmlXPathReleaseObject(ctxt->context, arg2);
- return (total);
- case XPATH_OP_EQUAL:
---
-2.18.1
-
diff --git a/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch b/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
deleted file mode 100644
index 46c0c0e808c5018be3270d1ff50f3ff172b1dbb3..0000000000000000000000000000000000000000
--- a/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 13:14:11 +0200
-Subject: [PATCH] Fix infinite loop in LZMA decompression
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Check the liblzma error code more thoroughly to avoid infinite loops.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
-Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
-
-This is CVE-2018-9251 and CVE-2018-14567.
-
-Thanks to Dongliang Mu and Simon Wörner for the reports.
----
- xzlib.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index a839169e..0ba88cfa 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
- "internal error: inflate stream corrupt");
- return -1;
- }
-+ /*
-+ * FIXME: Remapping a couple of error codes and falling through
-+ * to the LZMA error handling looks fragile.
-+ */
- if (ret == Z_MEM_ERROR)
- ret = LZMA_MEM_ERROR;
- if (ret == Z_DATA_ERROR)
-@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
- xz_error(state, LZMA_PROG_ERROR, "compression error");
- return -1;
- }
-+ if ((state->how != GZIP) &&
-+ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
-+ xz_error(state, ret, "lzma error");
-+ return -1;
-+ }
- } while (strm->avail_out && ret != LZMA_STREAM_END);
-
- /* update available output and crc check value */
---
-2.18.1
-
diff --git a/main/libxml2/Length-related-XHTML-parsing-errors.patch b/main/libxml2/Length-related-XHTML-parsing-errors.patch
deleted file mode 100644
index 7a4363198e65567db2603a3c9b08876db26f67e0..0000000000000000000000000000000000000000
--- a/main/libxml2/Length-related-XHTML-parsing-errors.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 7a1bd7f6497ac33a9023d556f6f47a48f01deac0 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sat, 17 Mar 2018 00:03:24 +0100
-Subject: [PATCH] Revert "Change calls to xmlCharEncInput to set flush false"
-
-This reverts commit 6e6ae5daa6cd9640c9a83c1070896273e9b30d14 which
-broke decoding of larger documents with ICU.
-
-See https://bugs.chromium.org/p/chromium/issues/detail?id=820163
----
- HTMLparser.c | 2 +-
- parserInternals.c | 2 +-
- xmlIO.c | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/HTMLparser.c b/HTMLparser.c
-index 9adeb174..7e243e60 100644
---- a/HTMLparser.c
-+++ b/HTMLparser.c
-@@ -3635,7 +3635,7 @@ htmlCheckEncodingDirect(htmlParserCtxtPtr ctxt, const xmlChar *encoding) {
- */
- processed = ctxt->input->cur - ctxt->input->base;
- xmlBufShrink(ctxt->input->buf->buffer, processed);
-- nbchars = xmlCharEncInput(ctxt->input->buf, 0);
-+ nbchars = xmlCharEncInput(ctxt->input->buf, 1);
- if (nbchars < 0) {
- htmlParseErr(ctxt, XML_ERR_INVALID_ENCODING,
- "htmlCheckEncoding: encoder error\n",
-diff --git a/parserInternals.c b/parserInternals.c
-index 8c0cd57a..09876ab4 100644
---- a/parserInternals.c
-+++ b/parserInternals.c
-@@ -1214,7 +1214,7 @@ xmlSwitchInputEncodingInt(xmlParserCtxtPtr ctxt, xmlParserInputPtr input,
- /*
- * convert as much as possible of the buffer
- */
-- nbchars = xmlCharEncInput(input->buf, 0);
-+ nbchars = xmlCharEncInput(input->buf, 1);
- } else {
- /*
- * convert just enough to get
-diff --git a/xmlIO.c b/xmlIO.c
-index 82543477..f61dd05a 100644
---- a/xmlIO.c
-+++ b/xmlIO.c
-@@ -3157,7 +3157,7 @@ xmlParserInputBufferPush(xmlParserInputBufferPtr in,
- * convert as much as possible to the parser reading buffer.
- */
- use = xmlBufUse(in->raw);
-- nbchars = xmlCharEncInput(in, 0);
-+ nbchars = xmlCharEncInput(in, 1);
- if (nbchars < 0) {
- xmlIOErr(XML_IO_ENCODER, NULL);
- in->error = XML_IO_ENCODER;
-@@ -3273,7 +3273,7 @@ xmlParserInputBufferGrow(xmlParserInputBufferPtr in, int len) {
- * convert as much as possible to the parser reading buffer.
- */
- use = xmlBufUse(in->raw);
-- nbchars = xmlCharEncInput(in, 0);
-+ nbchars = xmlCharEncInput(in, 1);
- if (nbchars < 0) {
- xmlIOErr(XML_IO_ENCODER, NULL);
- in->error = XML_IO_ENCODER;
\ No newline at end of file
diff --git a/main/libxml2/fix-utf8-error-message.patch b/main/libxml2/fix-utf8-error-message.patch
deleted file mode 100644
index e87dcdedf88ced34b3a75323d1b8c9698cc5edce..0000000000000000000000000000000000000000
--- a/main/libxml2/fix-utf8-error-message.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Index: libxml2-2.9.5/python/libxml.c
-===================================================================
---- libxml2-2.9.5.orig/python/libxml.c
-+++ libxml2-2.9.5/python/libxml.c
-@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
- PyObject *message;
- PyObject *result;
- char str[1000];
-+ unsigned char *ptr = (unsigned char *)str;
-
- #ifdef DEBUG_ERROR
- printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
-@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
- str[999] = 0;
- va_end(ap);
-
-+#if PY_MAJOR_VERSION >= 3
-+ /* Ensure the error string doesn't start at UTF8 continuation. */
-+ while (*ptr && (*ptr & 0xc0) == 0x80)
-+ ptr++;
-+#endif
-+
- list = PyTuple_New(2);
- PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
- Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
-- message = libxml_charPtrConstWrap(str);
-+ message = libxml_charPtrConstWrap(ptr);
- PyTuple_SetItem(list, 1, message);
- result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
-+ /* Forget any errors caused in the error handler. */
-+ PyErr_Clear();
- Py_XDECREF(list);
- Py_XDECREF(result);
- }