[PATCH 1/1] xml2: Import upstream release 2.12.9.

From: Daniel Lehman dlehman25@gmail.com

to address CVE-2024-40896 --- libs/xml2/include/libxml/parser.h | 2 +- libs/xml2/include/libxml/xmlversion.h | 8 ++++---- libs/xml2/parser.c | 8 ++++++++ 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/libs/xml2/include/libxml/parser.h b/libs/xml2/include/libxml/parser.h index 87aacef910f..fd6d52074d6 100644 --- a/libs/xml2/include/libxml/parser.h +++ b/libs/xml2/include/libxml/parser.h @@ -953,7 +953,7 @@ XML_DEPRECATED XMLPUBFUN int xmlSubstituteEntitiesDefault(int val); XML_DEPRECATED XMLPUBFUN int xmlThrDefSubstituteEntitiesDefaultValue(int v); -XML_DEPRECATED XMLPUBFUN int +XMLPUBFUN int xmlKeepBlanksDefault (int val); XML_DEPRECATED XMLPUBFUN int xmlThrDefKeepBlanksDefaultValue(int v); diff --git a/libs/xml2/include/libxml/xmlversion.h b/libs/xml2/include/libxml/xmlversion.h index 2374eaf1aea..36aa9ba0529 100644 --- a/libs/xml2/include/libxml/xmlversion.h +++ b/libs/xml2/include/libxml/xmlversion.h @@ -29,21 +29,21 @@ XMLPUBFUN void xmlCheckVersion(int version); * * the version string like "1.2.3" */ -#define LIBXML_DOTTED_VERSION "2.12.8" +#define LIBXML_DOTTED_VERSION "2.12.9"

/** * LIBXML_VERSION: * * the version number: 1.2.3 value is 10203 */ -#define LIBXML_VERSION 21208 +#define LIBXML_VERSION 21209

/** * LIBXML_VERSION_STRING: * * the version number string, 1.2.3 value is "10203" */ -#define LIBXML_VERSION_STRING "21208" +#define LIBXML_VERSION_STRING "21209"

/** * LIBXML_VERSION_EXTRA: @@ -58,7 +58,7 @@ XMLPUBFUN void xmlCheckVersion(int version); * Macro to check that the libxml version in use is compatible with * the version the software has been compiled against */ -#define LIBXML_TEST_VERSION xmlCheckVersion(21208); +#define LIBXML_TEST_VERSION xmlCheckVersion(21209);

#ifndef VMS #if 0 diff --git a/libs/xml2/parser.c b/libs/xml2/parser.c index 8fa8672ecea..9b8f349707d 100644 --- a/libs/xml2/parser.c +++ b/libs/xml2/parser.c @@ -7280,6 +7280,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { return; }

+ /* + * Some users try to parse entities on their own and used to set + * the renamed "checked" member. Fix the flags to cover this + * case. + */ + if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL)) + ent->flags |= XML_ENT_PARSED; + /* * The first reference to the entity trigger a parsing phase * where the ent->children is filled with the result from