Updated libxml to 2.10.4

Author: dlemstra

.gitlab-ci.yml

@@ -25,8 +25,8 @@
       cd build
       ln -s /tests/xmlconf
       sh ../autogen.sh $BASE_CONFIG $CONFIG
-      make -j$(nproc) V=1 CFLAGS="$CFLAGS -Werror"
-      make CFLAGS="$CFLAGS -Werror" check
+      make -j$(nproc) V=1
+      make check
 
 gcc:
   extends: .test

ImageMagick/ImageMagick.version.h

@@ -1,2 +1,2 @@
-#define DELEGATE_VERSION_NUM     2,10,3
-#define DELEGATE_VERSION_STRING "2.10.3 (2022-10-14)"
+#define DELEGATE_VERSION_NUM     2,10,4
+#define DELEGATE_VERSION_STRING "2.10.4 (2023-04-11)"

NEWS

@@ -1,5 +1,19 @@
 NEWS file for libxml2
 
+v2.10.4: Apr 11 2023
+
+### Security
+
+- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
+- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
+
+### Regressions
+
+- SAX2: Ignore namespaces in HTML documents
+- io: Fix "buffer full" error with certain buffer sizes
+
+
 v2.10.3: Oct 14 2022
 
 ### Security
@@ -60,6 +74,47 @@ v2.10.1: Aug 25 2022
 
 v2.10.0: Aug 17 2022
 
+### Breaking changes
+
+The Docbook parser module and all related symbols habe been removed completely.
+This was experimental code which never worked and generated a deprecation
+warning for 15+ years. The library's soname wasn't changed in order to allow
+seamless upgrades to later versions. If this concerns you, consider bumping
+soname yourself.
+
+Some other modules are now disabled by default and will eventually be removed
+completely:
+
+- Support for XPointer locations (ranges and points): This was based on
+  a W3C specification which never got beyond Working Draft status. To my
+  knowledge, there's no software supporting this spec which is still
+  maintained. You now have to enable this code by passing the
+  `--with-xptr-locs` configuration option. Be warned that this part of
+  the code base is buggy and had many security issues in the past.
+
+- Support for the built-in FTP client (`--with-ftp`).
+
+- Support for "legacy" functions (`--with-legacy`).
+
+If you're concerned about ABI stability and haven't disabled these modules
+already, add the following configuration options or bump soname yourself:
+
+    --with-ftp
+    --with-legacy
+    --with-xptr-locs
+
+Several functions of the public API were deprecated. Most of them should be
+completely unused and will generate a deprecation warning now.
+
+The autoconf build now uses the sysconfdir variable for the location of
+the default catalog file. The path changed from hardcoded /etc/xml/catalog
+to ${sysconfdir}/xml/catalog. The sysconfdir variable defaults to
+${prefix}/etc, prefix defaults to /usr/local, so without other options
+the path becomes /usr/local/etc/xml/catalog. If you want the old behavior,
+configure with
+
+    --sysconfdir=/etc
+
 ### Security
 
 - [CVE-2022-2309] Reset nsNr in xmlCtxtReset

SAX2.c

@@ -1608,12 +1608,15 @@ xmlSAX2StartElement(void *ctx, const xmlChar *fullname, const xmlChar **atts)
 	ctxt->validate = 0;
     }
 
-
-    /*
-     * Split the full name into a namespace prefix and the tag name
-     */
-    name = xmlSplitQName(ctxt, fullname, &prefix);
-
+    if (ctxt->html) {
+        prefix = NULL;
+        name = xmlStrdup(fullname);
+    } else {
+        /*
+         * Split the full name into a namespace prefix and the tag name
+         */
+        name = xmlSplitQName(ctxt, fullname, &prefix);
+    }
 
     /*
      * Note : the namespace resolution is deferred until the end of the

config.h

@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
 
 m4_define([MAJOR_VERSION], 2)
 m4_define([MINOR_VERSION], 10)
-m4_define([MICRO_VERSION], 3)
+m4_define([MICRO_VERSION], 4)
 
 AC_INIT([libxml2],[MAJOR_VERSION.MINOR_VERSION.MICRO_VERSION])
 AC_CONFIG_SRCDIR([entities.c])

configure.ac

@@ -453,7 +453,8 @@ static unsigned long
 xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
     unsigned long value = seed;
 
-    if (name == NULL) return(0);
+    if ((name == NULL) || (namelen <= 0))
+        return(value);
     value += *name;
     value <<= 5;
     if (namelen > 10) {

dict.c

@@ -11,7 +11,7 @@
 #if defined(_WIN32) || defined(__CYGWIN__)
 /** DOC_DISABLE */
 
-#if defined(LIBXML_STATIC) || defined(_LIB)
+#ifdef LIBXML_STATIC
   #define XMLPUBLIC
 #elif defined(IN_LIBXML)
   #define XMLPUBLIC __declspec(dllexport)