libxml2: Upgrade 2.9.13 -> 2.9.14

Security

[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
Fix leak of xmlElementContent (David Kilzer)

Bug fixes

Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex

Improvements

Fix recovery from invalid HTML start tags

Build system, portability

Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build

(From OE-Core rev: 393b81058f3b970eb906a7f9daa842d8a0747700)

Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c4ba21f4012e8859fc793bec7df76e56eb8058ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch

@@ -1,99 +0,0 @@
-From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 22 Feb 2022 11:51:08 +0100
-Subject: [PATCH] Fix --without-valid build
-
-Regressed in commit 652dd12a.
----
- valid.c | 58 ++++++++++++++++++++++++++++-----------------------------
- 1 file changed, 29 insertions(+), 29 deletions(-)
----
-
-From https://github.com/GNOME/libxml2.git
- commit 646fe48d1c8a74310c409ddf81fe7df6700052af
-
-CVE: CVE-2022-23308
-Upstream-Status: Backport
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
-
-diff --git a/valid.c b/valid.c
-index 8e596f1d..9684683a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
-     return (ret);
- }
- 
--/**
-- * xmlValidNormalizeString:
-- * @str: a string
-- *
-- * Normalize a string in-place.
-- */
--static void
--xmlValidNormalizeString(xmlChar *str) {
--    xmlChar *dst;
--    const xmlChar *src;
--
--    if (str == NULL)
--        return;
--    src = str;
--    dst = str;
--
--    while (*src == 0x20) src++;
--    while (*src != 0) {
--	if (*src == 0x20) {
--	    while (*src == 0x20) src++;
--	    if (*src != 0)
--		*dst++ = 0x20;
--	} else {
--	    *dst++ = *src++;
--	}
--    }
--    *dst = 0;
--}
--
- #ifdef DEBUG_VALID_ALGO
- static void
- xmlValidPrintNode(xmlNodePtr cur) {
-@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
- 	    (xmlDictOwns(dict, (const xmlChar *)(str)) == 0)))	\
- 	    xmlFree((char *)(str));
- 
-+/**
-+ * xmlValidNormalizeString:
-+ * @str: a string
-+ *
-+ * Normalize a string in-place.
-+ */
-+static void
-+xmlValidNormalizeString(xmlChar *str) {
-+    xmlChar *dst;
-+    const xmlChar *src;
-+
-+    if (str == NULL)
-+        return;
-+    src = str;
-+    dst = str;
-+
-+    while (*src == 0x20) src++;
-+    while (*src != 0) {
-+	if (*src == 0x20) {
-+	    while (*src == 0x20) src++;
-+	    if (*src != 0)
-+		*dst++ = 0x20;
-+	} else {
-+	    *dst++ = *src++;
-+	}
-+    }
-+    *dst = 0;
-+}
-+
- static int
- xmlIsStreaming(xmlValidCtxtPtr ctxt) {
-     xmlParserCtxtPtr pctxt;
--- 
-2.35.1
-

meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch

@@ -1,4 +1,4 @@
-From f57da62218cf72c1342da82abafdac6b0a2e4997 Mon Sep 17 00:00:00 2001
+From 7196bce35954c4b46391cb0139aeb15ed628fa54 Mon Sep 17 00:00:00 2001
 From: Tony Tascioglu <tony.tascioglu@windriver.com>
 Date: Fri, 14 May 2021 11:50:35 -0400
 Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through
@@ -16,16 +16,18 @@ Rebase to 2.9.9
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 
 Updated to apply cleanly to v2.9.12
-
 Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
----
- libxml.m4 | 190 ++----------------------------------------------------
- 1 file changed, 5 insertions(+), 185 deletions(-)
 
-Index: libxml2-2.9.13/libxml.m4
-===================================================================
---- libxml2-2.9.13.orig/libxml.m4
-+++ libxml2-2.9.13/libxml.m4
+Rebase to 2.9.14
+Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
+---
+ libxml.m4 | 189 ++----------------------------------------------------
+ 1 file changed, 5 insertions(+), 184 deletions(-)
+
+diff --git a/libxml.m4 b/libxml.m4
+index fc7790c..1c53585 100644
+--- a/libxml.m4
++++ b/libxml.m4
 @@ -1,191 +1,12 @@
 -# Configure paths for LIBXML2
 -# Simon Josefsson 2020-02-12
@@ -223,3 +225,6 @@ Index: libxml2-2.9.13/libxml.m4
 -  AC_SUBST(XML_LIBS)
 -  rm -f conf.xmltest
  ])
+-- 
+2.34.1
+

meta/recipes-core/libxml/libxml2_2.9.14.bb

@@ -23,11 +23,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
            file://remove-fuzz-from-ptests.patch \
            file://libxml-m4-use-pkgconfig.patch \
            "
-# will be in v2.9.14
-#
-SRC_URI += "file://CVE-2022-23308-fix-regression.patch"
 
-SRC_URI[archive.sha256sum] = "276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"
+SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
 SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
 
 BINCONFIG = "${bindir}/xml2-config"