From a8d0b113aee5bfe33ff1f37be2d15dabe74f2b81 Mon Sep 17 00:00:00 2001
From: Britney Fransen
Date: Tue, 2 Dec 2014 14:03:34 +0000
Subject: libxml2: update to 2.9.2
---
abs/core/libxml2/PKGBUILD | 42 +++++++++++++++---------
abs/core/libxml2/fix-CVE-2014-3660.patch | 28 ++++++++++++++++
abs/core/libxml2/revert-catalog-initialize.patch | 26 +++++++++++++++
3 files changed, 80 insertions(+), 16 deletions(-)
create mode 100644 abs/core/libxml2/fix-CVE-2014-3660.patch
create mode 100644 abs/core/libxml2/revert-catalog-initialize.patch
diff --git a/abs/core/libxml2/PKGBUILD b/abs/core/libxml2/PKGBUILD
index 58c4756..0949823 100644
--- a/abs/core/libxml2/PKGBUILD
+++ b/abs/core/libxml2/PKGBUILD
@@ -1,38 +1,48 @@ -# $Id: PKGBUILD 165211 2012-08-13 09:09:13Z jgc $ +# $Id$ # Maintainer: Jan de Groot +# Maintainer: Tom Gundersen # Contributor: John Proctor pkgname=libxml2 -pkgver=2.8.0 -pkgrel=1 +pkgver=2.9.2 +pkgrel=2 pkgdesc="XML parsing library, version 2" arch=(i686 x86_64) -license=('custom') -depends=('zlib>=1.2.4' 'readline>=6.1' 'ncurses>=5.7' 'xz') +license=('MIT') +depends=('zlib' 'readline' 'ncurses' 'xz') makedepends=('python2') -options=('!libtool') +optdepends=('python2: python bindings to libxml') url="http://www.xmlsoft.org/" source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz - http://www.w3.org/XML/Test/xmlts20080205.tar.gz) -md5sums=('c62106f02ee00b6437f0fb9d370c1093' - 'b255be9a1c7f7021e52448e4ec8d7a0d') + http://www.w3.org/XML/Test/xmlts20080827.tar.gz + revert-catalog-initialize.patch + fix-CVE-2014-3660.patch) +md5sums=('9e6a9aca9d155737868b3dc5fd82f788' + 'ae3d1ebe000a3972afa104ca7f0e1b4a' + 'fdb2e26174ac9cced85ffbf4fb782187' + '71c88ee5a133461a8ab8aaa194899453') -build() { - cd "${srcdir}/${pkgname}-${pkgver}" +prepare() { + cd ${pkgname}-${pkgver} sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py - ./configure --prefix=/usr --with-threads --with-history \ - --with-python=/usr/bin/python2 + mv ../xmlconf . + patch -Np1 -i ../revert-catalog-initialize.patch + patch -Np1 -i ../fix-CVE-2014-3660.patch +} + +build() { + cd ${pkgname}-${pkgver} + ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2 make } check() { - cd "${srcdir}/${pkgname}-${pkgver}" - mv "${srcdir}/xmlconf" . + cd ${pkgname}-${pkgver} make check } package() { - cd "${srcdir}/${pkgname}-${pkgver}" + cd ${pkgname}-${pkgver} make DESTDIR="${pkgdir}" install install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" } 
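Review bot: The new `md5sums=(...)` array is the only integrity check on sources that `source=(...)` fetches over `ftp://` and plain `http://`, and MD5 is not collision-resistant, so a tarball or test suite altered in transit or on a mirror is not reliably caught before `prepare()` and `build()` run on it. PKGBUILD accepts a stronger checksum array, for example `sha256sums=('<sha256 of libxml2-2.9.2.tar.gz>' '<sha256 of xmlts20080827.tar.gz>' '<sha256 of revert-catalog-initialize.patch>' '<sha256 of fix-CVE-2014-3660.patch>')`, with the placeholder values computed from copies that were verified independently. The same array covers the two local patch files, so a silently edited patch would also fail the build.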
diff --git a/abs/core/libxml2/fix-CVE-2014-3660.patch b/abs/core/libxml2/fix-CVE-2014-3660.patch
new file mode 100644
index 0000000..9e6441c
--- /dev/null
+++ b/abs/core/libxml2/fix-CVE-2014-3660.patch
@@ -0,0 +1,28 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ * far more secure as the parser will only process data coming from
+ * the document entity by default.
+ */
+- if ((ent->checked == 0) &&
++ if (((ent->checked == 0) ||
++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ unsigned long oldnbent = ctxt->nbentities;
+--
+cgit v0.10.1
+
diff --git a/abs/core/libxml2/revert-catalog-initialize.patch b/abs/core/libxml2/revert-catalog-initialize.patch
new file mode 100644
index 0000000..d98b382
--- /dev/null
+++ b/abs/core/libxml2/revert-catalog-initialize.patch
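Review bot: The file name `fix-CVE-2014-3660.patch` does not match its content: the patch's own subject is "Fix missing entities after CVE-2014-3660 fix", so it repairs a regression from the earlier CVE change and is not the CVE fix itself. Someone auditing the package by patch names would conclude the CVE fix is carried locally, when it is presumably already part of the 2.9.2 tarball. A name such as `fix-CVE-2014-3660-regression.patch`, or a comment above the `patch -Np1` line in PKGBUILD like `# upstream 72a46a51: regression fix after the CVE-2014-3660 change (gnome bug 738805)`, would make that clear. Separately, the widened condition re-enters the entity parse whenever `ent->children == NULL` under `XML_PARSE_NOENT`, even after `checked` is set; xmlParseReference continues outside the nested hunk, so it is worth confirming that the entity-count accounting starting at `oldnbent` still bounds that path.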
@@ -0,0 +1,26 @@
+From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard
+Date: Fri, 17 Oct 2014 17:13:41 +0800
+Subject: Revert "Missing initialization for the catalog module"
+
+This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
+As this break xmlcatalog command
+https://bugzilla.redhat.com/show_bug.cgi?id=1153753
+
+diff --git a/parser.c b/parser.c
+index 1d93967..67c9dfd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
+ #ifdef LIBXML_XPATH_ENABLED
+ xmlXPathInit();
+ #endif
+-#ifdef LIBXML_CATALOG_ENABLED
+- xmlInitializeCatalog();
+-#endif
+ xmlParserInitialized = 1;
+ #ifdef LIBXML_THREAD_ENABLED
+ }
+--
+cgit v0.10.1
+
-- cgit v0.12