authorArmin Kuster <akuster@mvista.com>2016-07-09 15:20:50 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-07-27 08:29:42 +0100
commitd4343f428c89c6c238cc7cd4c4732448a00003e4 (patch)
tree549906028b60a94bb26dc2f5d1f23c102d8c2b77 /meta/recipes-core/libxml
parentb817c98017cb64f902cdae514fb162b3199a0a14 (diff)
downloadopenembedded-core-contrib-d4343f428c89c6c238cc7cd4c4732448a00003e4.tar.gz
libxml2: Security fix for CVE-2016-4448
Affects libxml2 < 2.9.4 Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-core/libxml')
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch1067
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch208
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.2.bb2
3 files changed, 1277 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch
new file mode 100644
index 0000000000..1d08e57308
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch
@@ -0,0 +1,1067 @@
+From 4472c3a5a5b516aaf59b89be602fbce52756c3e9 Mon Sep 17 00:00:00 2001
+From: David Kilzer <ddkilzer@webkit.org>
+Date: Fri, 13 May 2016 15:13:17 +0800
+Subject: [PATCH] Fix some format string warnings with possible format string
+ vulnerability
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=761029
+
+Decorate every method in libxml2 with the appropriate
+LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups
+following the reports.
+
+Upstream-Status: Backport
+CVE: CVE-2016-4448 patch #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ HTMLparser.c | 4 +--
+ SAX2.c | 12 ++++----
+ catalog.c | 2 +-
+ configure.ac | 4 +--
+ debugXML.c | 4 +--
+ encoding.c | 2 +-
+ entities.c | 2 +-
+ error.c | 2 +-
+ include/libxml/parserInternals.h | 2 +-
+ include/libxml/xmlerror.h | 2 +-
+ include/libxml/xmlstring.h | 8 ++---
+ libxml.h | 2 +-
+ parser.c | 37 +++++++++++-----------
+ parserInternals.c | 4 +--
+ relaxng.c | 4 +--
+ schematron.c | 2 +-
+ testModule.c | 2 +-
+ valid.c | 8 ++---
+ xinclude.c | 4 +--
+ xmlIO.c | 14 ++++-----
+ xmllint.c | 20 ++++++------
+ xmlreader.c | 16 +++++++---
+ xmlschemas.c | 66 ++++++++++++++++++++--------------------
+ xmlstring.c | 4 +--
+ xmlwriter.c | 4 +--
+ xpath.c | 2 +-
+ xpointer.c | 2 +-
+ 27 files changed, 121 insertions(+), 114 deletions(-)
+
+Index: libxml2-2.9.2/HTMLparser.c
+===================================================================
+--- libxml2-2.9.2.orig/HTMLparser.c
++++ libxml2-2.9.2/HTMLparser.c
+@@ -105,7 +105,7 @@ htmlErrMemory(xmlParserCtxtPtr ctxt, con
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ htmlParseErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1, const xmlChar *str2)
+ {
+@@ -132,7 +132,7 @@ htmlParseErr(xmlParserCtxtPtr ctxt, xmlP
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ htmlParseErrInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, int val)
+ {
+Index: libxml2-2.9.2/SAX2.c
+===================================================================
+--- libxml2-2.9.2.orig/SAX2.c
++++ libxml2-2.9.2/SAX2.c
+@@ -55,7 +55,7 @@
+ * @ctxt: an XML validation parser context
+ * @msg: a string to accompany the error message
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(2,0)
+ xmlSAX2ErrMemory(xmlParserCtxtPtr ctxt, const char *msg) {
+ xmlStructuredErrorFunc schannel = NULL;
+ const char *str1 = "out of memory\n";
+@@ -93,7 +93,7 @@ xmlSAX2ErrMemory(xmlParserCtxtPtr ctxt,
+ *
+ * Handle a validation error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlErrValid(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const char *str1, const char *str2)
+ {
+@@ -133,7 +133,7 @@ xmlErrValid(xmlParserCtxtPtr ctxt, xmlPa
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1, const xmlChar *str2)
+ {
+@@ -164,7 +164,7 @@ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xm
+ *
+ * Handle a parser warning
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1)
+ {
+@@ -189,7 +189,7 @@ xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlPar
+ *
+ * Handle a namespace error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1, const xmlChar *str2)
+ {
+@@ -213,7 +213,7 @@ xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlPa
+ *
+ * Handle a namespace warning
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlNsWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1, const xmlChar *str2)
+ {
+Index: libxml2-2.9.2/catalog.c
+===================================================================
+--- libxml2-2.9.2.orig/catalog.c
++++ libxml2-2.9.2/catalog.c
+@@ -238,7 +238,7 @@ xmlCatalogErrMemory(const char *extra)
+ *
+ * Handle a catalog error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlCatalogErr(xmlCatalogEntryPtr catal, xmlNodePtr node, int error,
+ const char *msg, const xmlChar *str1, const xmlChar *str2,
+ const xmlChar *str3)
+Index: libxml2-2.9.2/configure.ac
+===================================================================
+--- libxml2-2.9.2.orig/configure.ac
++++ libxml2-2.9.2/configure.ac
+@@ -770,7 +770,7 @@ else
+ fi
+
+ # warnings we'd like to see
+- CFLAGS="${CFLAGS} -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
++ CFLAGS="${CFLAGS} -pedantic -W -Wformat -Wno-format-extra-args -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
+ # warnings we'd like to supress
+ CFLAGS="${CFLAGS} -Wno-long-long"
+ case "${host}" in
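Review bot: `-Wno-format-extra-args` is added to the warning set with no comment explaining why, in a patch whose purpose is to tighten format-string checking. Presumably the error helpers pass a fixed argument list even when a message uses fewer conversions, but nothing in this hunk shows that. A line above the CFLAGS assignment such as `# -Wno-format-extra-args: error helpers pass a fixed argument list; unused trailing arguments are expected` would record the reason and stop the flag from being read as a blanket suppression. The same flag is added without explanation in the second configure.ac hunk (the `-g -O` developer CFLAGS).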
+@@ -990,7 +990,7 @@ if [[ "${LOGNAME}" = "veillard" -a "`pwd
+ fi
+ fi
+ if test "${GCC}" = "yes" ; then
+- CFLAGS="-g -O -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -Wall"
++ CFLAGS="-g -O -pedantic -W -Wformat -Wno-format-extra-args -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -Wall"
+ fi
+ STATIC_BINARIES="-static"
+ dnl -Wcast-qual -ansi
+Index: libxml2-2.9.2/debugXML.c
+===================================================================
+--- libxml2-2.9.2.orig/debugXML.c
++++ libxml2-2.9.2/debugXML.c
+@@ -164,7 +164,7 @@ xmlDebugErr(xmlDebugCtxtPtr ctxt, int er
+ NULL, NULL, NULL, 0, 0,
+ "%s", msg);
+ }
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlDebugErr2(xmlDebugCtxtPtr ctxt, int error, const char *msg, int extra)
+ {
+ ctxt->errors++;
+@@ -174,7 +174,7 @@ xmlDebugErr2(xmlDebugCtxtPtr ctxt, int e
+ NULL, NULL, NULL, 0, 0,
+ msg, extra);
+ }
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlDebugErr3(xmlDebugCtxtPtr ctxt, int error, const char *msg, const char *extra)
+ {
+ ctxt->errors++;
+Index: libxml2-2.9.2/encoding.c
+===================================================================
+--- libxml2-2.9.2.orig/encoding.c
++++ libxml2-2.9.2/encoding.c
+@@ -93,7 +93,7 @@ xmlEncodingErrMemory(const char *extra)
+ *
+ * n encoding error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(2,0)
+ xmlEncodingErr(xmlParserErrors error, const char *msg, const char *val)
+ {
+ __xmlRaiseError(NULL, NULL, NULL, NULL, NULL,
+Index: libxml2-2.9.2/entities.c
+===================================================================
+--- libxml2-2.9.2.orig/entities.c
++++ libxml2-2.9.2/entities.c
+@@ -83,7 +83,7 @@ xmlEntitiesErrMemory(const char *extra)
+ *
+ * Handle an out of memory condition
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(2,0)
+ xmlEntitiesErr(xmlParserErrors code, const char *msg)
+ {
+ __xmlSimpleError(XML_FROM_TREE, code, NULL, msg, NULL);
+Index: libxml2-2.9.2/error.c
+===================================================================
+--- libxml2-2.9.2.orig/error.c
++++ libxml2-2.9.2/error.c
+@@ -18,7 +18,7 @@
+
+ void XMLCDECL xmlGenericErrorDefaultFunc (void *ctx ATTRIBUTE_UNUSED,
+ const char *msg,
+- ...);
++ ...) LIBXML_ATTR_FORMAT(2,3);
+
+ #define XML_GET_VAR_STR(msg, str) { \
+ int size, prev_size = -1; \
+Index: libxml2-2.9.2/include/libxml/parserInternals.h
+===================================================================
+--- libxml2-2.9.2.orig/include/libxml/parserInternals.h
++++ libxml2-2.9.2/include/libxml/parserInternals.h
+@@ -351,7 +351,7 @@ XMLPUBFUN void XMLCALL
+ xmlParserErrors xmlerr,
+ const char *msg,
+ const xmlChar * str1,
+- const xmlChar * str2);
++ const xmlChar * str2) LIBXML_ATTR_FORMAT(3,0);
+ #endif
+
+ /**
+Index: libxml2-2.9.2/include/libxml/xmlerror.h
+===================================================================
+--- libxml2-2.9.2.orig/include/libxml/xmlerror.h
++++ libxml2-2.9.2/include/libxml/xmlerror.h
+@@ -937,7 +937,7 @@ XMLPUBFUN void XMLCALL
+ int code,
+ xmlNodePtr node,
+ const char *msg,
+- const char *extra);
++ const char *extra) LIBXML_ATTR_FORMAT(4,0);
+ #endif
+ #ifdef __cplusplus
+ }
+Index: libxml2-2.9.2/include/libxml/xmlstring.h
+===================================================================
+--- libxml2-2.9.2.orig/include/libxml/xmlstring.h
++++ libxml2-2.9.2/include/libxml/xmlstring.h
+@@ -97,13 +97,13 @@ XMLPUBFUN xmlChar * XMLCALL
+ XMLPUBFUN int XMLCALL
+ xmlStrPrintf (xmlChar *buf,
+ int len,
+- const xmlChar *msg,
+- ...);
++ const char *msg,
++ ...) LIBXML_ATTR_FORMAT(3,4);
+ XMLPUBFUN int XMLCALL
+ xmlStrVPrintf (xmlChar *buf,
+ int len,
+- const xmlChar *msg,
+- va_list ap);
++ const char *msg,
++ va_list ap) LIBXML_ATTR_FORMAT(3,0);
+
+ XMLPUBFUN int XMLCALL
+ xmlGetUTF8Char (const unsigned char *utf,
+Index: libxml2-2.9.2/libxml.h
+===================================================================
+--- libxml2-2.9.2.orig/libxml.h
++++ libxml2-2.9.2/libxml.h
+@@ -71,7 +71,7 @@ extern int __xmlRegisterCallbacks;
+ * internal error reporting routines, shared but not partof the API.
+ */
+ void __xmlIOErr(int domain, int code, const char *extra);
+-void __xmlLoaderErr(void *ctx, const char *msg, const char *filename);
++void __xmlLoaderErr(void *ctx, const char *msg, const char *filename) LIBXML_ATTR_FORMAT(2,0);
+ #ifdef LIBXML_HTML_ENABLED
+ /*
+ * internal function of HTML parser needed for xmlParseInNodeContext
+Index: libxml2-2.9.2/parser.c
+===================================================================
+--- libxml2-2.9.2.orig/parser.c
++++ libxml2-2.9.2/parser.c
+@@ -350,7 +350,6 @@ static void
+ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
+ {
+ const char *errmsg;
+- char errstr[129] = "";
+
+ if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
+ (ctxt->instate == XML_PARSER_EOF))
+@@ -537,15 +536,17 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlPa
+ default:
+ errmsg = "Unregistered error message";
+ }
+- if (info == NULL)
+- snprintf(errstr, 128, "%s\n", errmsg);
+- else
+- snprintf(errstr, 128, "%s: %%s\n", errmsg);
+ if (ctxt != NULL)
+ ctxt->errNo = error;
+- __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
+- XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, &errstr[0],
+- info);
++ if (info == NULL) {
++ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
++ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s\n",
++ errmsg);
++ } else {
++ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
++ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s: %s\n",
++ errmsg, info);
++ }
+ if (ctxt != NULL) {
+ ctxt->wellFormed = 0;
+ if (ctxt->recovery == 0)
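Review bot: Nothing at the new `if (info == NULL)` / `else` pair says why the two `__xmlRaiseError` calls are kept separate with literal formats, so a later cleanup could fold them back into a format string built at run time. A short comment above the branch, e.g. `/* the format must stay a string literal; errmsg and info are passed only as arguments */`, would preserve the intent. The NULL branch also still passes `info` in the argument list ahead of the format, where writing `NULL` would be clearer. xmlFatalErr begins and ends outside this hunk.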
+@@ -561,7 +562,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlPa
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg)
+ {
+@@ -589,7 +590,7 @@ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xm
+ *
+ * Handle a warning.
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlWarningMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1, const xmlChar *str2)
+ {
+@@ -627,7 +628,7 @@ xmlWarningMsg(xmlParserCtxtPtr ctxt, xml
+ *
+ * Handle a validity error.
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlValidityError(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1, const xmlChar *str2)
+ {
+@@ -667,7 +668,7 @@ xmlValidityError(xmlParserCtxtPtr ctxt,
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlFatalErrMsgInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, int val)
+ {
+@@ -697,7 +698,7 @@ xmlFatalErrMsgInt(xmlParserCtxtPtr ctxt,
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlFatalErrMsgStrIntStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar *str1, int val,
+ const xmlChar *str2)
+@@ -727,7 +728,7 @@ xmlFatalErrMsgStrIntStr(xmlParserCtxtPtr
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlFatalErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar * val)
+ {
+@@ -756,7 +757,7 @@ xmlFatalErrMsgStr(xmlParserCtxtPtr ctxt,
+ *
+ * Handle a non fatal parser error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const xmlChar * val)
+ {
+@@ -781,7 +782,7 @@ xmlErrMsgStr(xmlParserCtxtPtr ctxt, xmlP
+ *
+ * Handle a fatal parser error, i.e. violating Well-Formedness constraints
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlNsErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg,
+ const xmlChar * info1, const xmlChar * info2,
+@@ -810,7 +811,7 @@ xmlNsErr(xmlParserCtxtPtr ctxt, xmlParse
+ *
+ * Handle a namespace warning error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlNsWarn(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg,
+ const xmlChar * info1, const xmlChar * info2,
+@@ -5538,7 +5539,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt
+ skipped = SKIP_BLANKS;
+ if (skipped == 0) {
+ xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
+- "Space required after '%'\n");
++ "Space required after '%%'\n");
+ }
+ isParameter = 1;
+ }
+Index: libxml2-2.9.2/parserInternals.c
+===================================================================
+--- libxml2-2.9.2.orig/parserInternals.c
++++ libxml2-2.9.2/parserInternals.c
+@@ -169,7 +169,7 @@ __xmlErrEncoding(xmlParserCtxtPtr ctxt,
+ *
+ * Handle an internal error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(2,0)
+ xmlErrInternal(xmlParserCtxtPtr ctxt, const char *msg, const xmlChar * str)
+ {
+ if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
+@@ -197,7 +197,7 @@ xmlErrInternal(xmlParserCtxtPtr ctxt, co
+ *
+ * n encoding error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlErrEncodingInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, int val)
+ {
+Index: libxml2-2.9.2/relaxng.c
+===================================================================
+--- libxml2-2.9.2.orig/relaxng.c
++++ libxml2-2.9.2/relaxng.c
+@@ -507,7 +507,7 @@ xmlRngVErrMemory(xmlRelaxNGValidCtxtPtr
+ *
+ * Handle a Relax NG Parsing error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlRngPErr(xmlRelaxNGParserCtxtPtr ctxt, xmlNodePtr node, int error,
+ const char *msg, const xmlChar * str1, const xmlChar * str2)
+ {
+@@ -541,7 +541,7 @@ xmlRngPErr(xmlRelaxNGParserCtxtPtr ctxt,
+ *
+ * Handle a Relax NG Validation error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlRngVErr(xmlRelaxNGValidCtxtPtr ctxt, xmlNodePtr node, int error,
+ const char *msg, const xmlChar * str1, const xmlChar * str2)
+ {
+Index: libxml2-2.9.2/schematron.c
+===================================================================
+--- libxml2-2.9.2.orig/schematron.c
++++ libxml2-2.9.2/schematron.c
+@@ -245,7 +245,7 @@ xmlSchematronPErrMemory(xmlSchematronPar
+ *
+ * Handle a parser error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlSchematronPErr(xmlSchematronParserCtxtPtr ctxt, xmlNodePtr node, int error,
+ const char *msg, const xmlChar * str1, const xmlChar * str2)
+ {
+Index: libxml2-2.9.2/testModule.c
+===================================================================
+--- libxml2-2.9.2.orig/testModule.c
++++ libxml2-2.9.2/testModule.c
+@@ -47,7 +47,7 @@ int main(int argc ATTRIBUTE_UNUSED, char
+
+ /* build the module filename, and confirm the module exists */
+ xmlStrPrintf(filename, sizeof(filename),
+- (const xmlChar*) "%s/testdso%s",
++ "%s/testdso%s",
+ (const xmlChar*)MODULE_PATH,
+ (const xmlChar*)LIBXML_MODULE_EXTENSION);
+
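Review bot: The `(const xmlChar*)` casts on `MODULE_PATH` and `LIBXML_MODULE_EXTENSION` are left in place although the format is now a plain `const char *` checked through `LIBXML_ATTR_FORMAT(3,4)`. This means `%s` is matched against `unsigned char` pointers, which may warn under the pedantic flag set in configure.ac. If both macros expand to string literals (their definitions are not visible here), dropping the casts so the arguments read `MODULE_PATH, LIBXML_MODULE_EXTENSION);` is cleaner. The enclosing `main` starts and ends outside the hunk.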
+Index: libxml2-2.9.2/valid.c
+===================================================================
+--- libxml2-2.9.2.orig/valid.c
++++ libxml2-2.9.2/valid.c
+@@ -93,7 +93,7 @@ xmlVErrMemory(xmlValidCtxtPtr ctxt, cons
+ *
+ * Handle a validation error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlErrValid(xmlValidCtxtPtr ctxt, xmlParserErrors error,
+ const char *msg, const char *extra)
+ {
+@@ -137,7 +137,7 @@ xmlErrValid(xmlValidCtxtPtr ctxt, xmlPar
+ *
+ * Handle a validation error, provide contextual informations
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlErrValidNode(xmlValidCtxtPtr ctxt,
+ xmlNodePtr node, xmlParserErrors error,
+ const char *msg, const xmlChar * str1,
+@@ -180,7 +180,7 @@ xmlErrValidNode(xmlValidCtxtPtr ctxt,
+ *
+ * Handle a validation error, provide contextual informations
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlErrValidNodeNr(xmlValidCtxtPtr ctxt,
+ xmlNodePtr node, xmlParserErrors error,
+ const char *msg, const xmlChar * str1,
+@@ -221,7 +221,7 @@ xmlErrValidNodeNr(xmlValidCtxtPtr ctxt,
+ *
+ * Handle a validation error, provide contextual information
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlErrValidWarning(xmlValidCtxtPtr ctxt,
+ xmlNodePtr node, xmlParserErrors error,
+ const char *msg, const xmlChar * str1,
+Index: libxml2-2.9.2/xinclude.c
+===================================================================
+--- libxml2-2.9.2.orig/xinclude.c
++++ libxml2-2.9.2/xinclude.c
+@@ -125,7 +125,7 @@ xmlXIncludeErrMemory(xmlXIncludeCtxtPtr
+ *
+ * Handle an XInclude error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlXIncludeErr(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
+ const char *msg, const xmlChar *extra)
+ {
+@@ -147,7 +147,7 @@ xmlXIncludeErr(xmlXIncludeCtxtPtr ctxt,
+ *
+ * Emit an XInclude warning.
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlXIncludeWarn(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
+ const char *msg, const xmlChar *extra)
+ {
+Index: libxml2-2.9.2/xmlIO.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlIO.c
++++ libxml2-2.9.2/xmlIO.c
+@@ -1604,7 +1604,7 @@ xmlCreateZMemBuff( int compression ) {
+ xmlFreeZMemBuff( buff );
+ buff = NULL;
+ xmlStrPrintf(msg, 500,
+- (const xmlChar *) "xmlCreateZMemBuff: %s %d\n",
++ "xmlCreateZMemBuff: %s %d\n",
+ "Error initializing compression context. ZLIB error:",
+ z_err );
+ xmlIOErr(XML_IO_WRITE, (const char *) msg);
+@@ -1672,7 +1672,7 @@ xmlZMemBuffExtend( xmlZMemBuffPtr buff,
+ else {
+ xmlChar msg[500];
+ xmlStrPrintf(msg, 500,
+- (const xmlChar *) "xmlZMemBuffExtend: %s %lu bytes.\n",
++ "xmlZMemBuffExtend: %s %lu bytes.\n",
+ "Allocation failure extending output buffer to",
+ new_size );
+ xmlIOErr(XML_IO_WRITE, (const char *) msg);
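Review bot: The bound passed to `xmlStrPrintf(msg, 500, ...)` repeats the literal from `xmlChar msg[500]` two lines above instead of being derived from the array. Writing `xmlStrPrintf(msg, sizeof(msg),` ties the bound to the declaration, as testModule.c already does with `sizeof(filename)`. The same literal appears in the other xmlStrPrintf calls touched in xmlIO.c. Now that the format is compiler-checked, `%lu` is also matched against `new_size`, whose declaration is outside this hunk; confirm it is `unsigned long` rather than `size_t`, or cast it at the call.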
+@@ -1718,7 +1718,7 @@ xmlZMemBuffAppend( xmlZMemBuffPtr buff,
+ if ( z_err != Z_OK ) {
+ xmlChar msg[500];
+ xmlStrPrintf(msg, 500,
+- (const xmlChar *) "xmlZMemBuffAppend: %s %d %s - %d",
++ "xmlZMemBuffAppend: %s %d %s - %d",
+ "Compression error while appending",
+ len, "bytes to buffer. ZLIB error", z_err );
+ xmlIOErr(XML_IO_WRITE, (const char *) msg);
+@@ -1791,7 +1791,7 @@ xmlZMemBuffGetContent( xmlZMemBuffPtr bu
+ else {
+ xmlChar msg[500];
+ xmlStrPrintf(msg, 500,
+- (const xmlChar *) "xmlZMemBuffGetContent: %s - %d\n",
++ "xmlZMemBuffGetContent: %s - %d\n",
+ "Error flushing zlib buffers. Error code", z_err );
+ xmlIOErr(XML_IO_WRITE, (const char *) msg);
+ }
+@@ -1996,7 +1996,7 @@ xmlIOHTTPWrite( void * context, const ch
+ if ( len < 0 ) {
+ xmlChar msg[500];
+ xmlStrPrintf(msg, 500,
+- (const xmlChar *) "xmlIOHTTPWrite: %s\n%s '%s'.\n",
++ "xmlIOHTTPWrite: %s\n%s '%s'.\n",
+ "Error appending to internal buffer.",
+ "Error sending document to URI",
+ ctxt->uri );
+@@ -2068,7 +2068,7 @@ xmlIOHTTPCloseWrite( void * context, con
+ if ( http_content == NULL ) {
+ xmlChar msg[500];
+ xmlStrPrintf(msg, 500,
+- (const xmlChar *) "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
++ "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
+ "Error retrieving content.\nUnable to",
+ http_mthd, "data to URI", ctxt->uri );
+ xmlIOErr(XML_IO_WRITE, (const char *) msg);
+@@ -2140,7 +2140,7 @@ xmlIOHTTPCloseWrite( void * context, con
+ else {
+ xmlChar msg[500];
+ xmlStrPrintf(msg, 500,
+- (const xmlChar *) "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
++ "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
+ http_mthd, content_lgth,
+ "bytes to URI", ctxt->uri,
+ "failed. HTTP return code:", http_rtn );
+Index: libxml2-2.9.2/xmllint.c
+===================================================================
+--- libxml2-2.9.2.orig/xmllint.c
++++ libxml2-2.9.2/xmllint.c
+@@ -449,7 +449,7 @@ startTimer(void)
+ * message about the timing performed; format is a printf
+ * type argument
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
+ endTimer(const char *fmt, ...)
+ {
+ long msec;
+@@ -485,7 +485,7 @@ startTimer(void)
+ {
+ begin = clock();
+ }
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
+ endTimer(const char *fmt, ...)
+ {
+ long msec;
+@@ -514,7 +514,7 @@ startTimer(void)
+ * Do nothing
+ */
+ }
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
+ endTimer(char *format, ...)
+ {
+ /*
+@@ -634,7 +634,7 @@ xmlHTMLPrintFileContext(xmlParserInputPt
+ * Display and format an error messages, gives file, line, position and
+ * extra parameters.
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ xmlHTMLError(void *ctx, const char *msg, ...)
+ {
+ xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
+@@ -671,7 +671,7 @@ xmlHTMLError(void *ctx, const char *msg,
+ * Display and format a warning messages, gives file, line, position and
+ * extra parameters.
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ xmlHTMLWarning(void *ctx, const char *msg, ...)
+ {
+ xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
+@@ -709,7 +709,7 @@ xmlHTMLWarning(void *ctx, const char *ms
+ * Display and format an validity error messages, gives file,
+ * line, position and extra parameters.
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ xmlHTMLValidityError(void *ctx, const char *msg, ...)
+ {
+ xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
+@@ -746,7 +746,7 @@ xmlHTMLValidityError(void *ctx, const ch
+ * Display and format a validity warning messages, gives file, line,
+ * position and extra parameters.
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ xmlHTMLValidityWarning(void *ctx, const char *msg, ...)
+ {
+ xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
+@@ -1410,7 +1410,7 @@ commentDebug(void *ctx ATTRIBUTE_UNUSED,
+ * Display and format a warning messages, gives file, line, position and
+ * extra parameters.
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ warningDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
+ {
+ va_list args;
+@@ -1433,7 +1433,7 @@ warningDebug(void *ctx ATTRIBUTE_UNUSED,
+ * Display and format a error messages, gives file, line, position and
+ * extra parameters.
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ errorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
+ {
+ va_list args;
+@@ -1456,7 +1456,7 @@ errorDebug(void *ctx ATTRIBUTE_UNUSED, c
+ * Display and format a fatalError messages, gives file, line, position and
+ * extra parameters.
+ */
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ fatalErrorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
+ {
+ va_list args;
+Index: libxml2-2.9.2/xmlreader.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlreader.c
++++ libxml2-2.9.2/xmlreader.c
+@@ -4050,13 +4050,19 @@ xmlTextReaderCurrentDoc(xmlTextReaderPtr
+ }
+
+ #ifdef LIBXML_SCHEMAS_ENABLED
+-static char *xmlTextReaderBuildMessage(const char *msg, va_list ap);
++static char *xmlTextReaderBuildMessage(const char *msg, va_list ap) LIBXML_ATTR_FORMAT(1,0);
+
+ static void XMLCDECL
+-xmlTextReaderValidityError(void *ctxt, const char *msg, ...);
++xmlTextReaderValidityError(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
+
+ static void XMLCDECL
+-xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...);
++xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
++
++static void XMLCDECL
++xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
++
++static void XMLCDECL
++xmlTextReaderValidityWarningRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
+
+ static void XMLCDECL
+ xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...)
+@@ -4850,7 +4856,7 @@ xmlTextReaderStructuredError(void *ctxt,
+ }
+ }
+
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ xmlTextReaderError(void *ctxt, const char *msg, ...)
+ {
+ va_list ap;
+@@ -4863,7 +4869,7 @@ xmlTextReaderError(void *ctxt, const cha
+
+ }
+
+-static void XMLCDECL
++static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
+ xmlTextReaderWarning(void *ctxt, const char *msg, ...)
+ {
+ va_list ap;
+Index: libxml2-2.9.2/xmlschemas.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlschemas.c
++++ libxml2-2.9.2/xmlschemas.c
+@@ -1085,7 +1085,7 @@ xmlSchemaGetUnionSimpleTypeMemberTypes(x
+ static void
+ xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
+ const char *funcName,
+- const char *message);
++ const char *message) LIBXML_ATTR_FORMAT(3,0);
+ static int
+ xmlSchemaCheckCOSSTDerivedOK(xmlSchemaAbstractCtxtPtr ctxt,
+ xmlSchemaTypePtr type,
+@@ -1889,7 +1889,7 @@ xmlSchemaPErrMemory(xmlSchemaParserCtxtP
+ *
+ * Handle a parser error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlSchemaPErr(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
+ const char *msg, const xmlChar * str1, const xmlChar * str2)
+ {
+@@ -1922,7 +1922,7 @@ xmlSchemaPErr(xmlSchemaParserCtxtPtr ctx
+ *
+ * Handle a parser error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaPErr2(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node,
+ xmlNodePtr child, int error,
+ const char *msg, const xmlChar * str1, const xmlChar * str2)
+@@ -1951,7 +1951,7 @@ xmlSchemaPErr2(xmlSchemaParserCtxtPtr ct
+ *
+ * Handle a parser error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(7,0)
+ xmlSchemaPErrExt(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
+ const xmlChar * strData1, const xmlChar * strData2,
+ const xmlChar * strData3, const char *msg, const xmlChar * str1,
+@@ -2002,7 +2002,7 @@ xmlSchemaVErrMemory(xmlSchemaValidCtxtPt
+ extra);
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(2,0)
+ xmlSchemaPSimpleInternalErr(xmlNodePtr node,
+ const char *msg, const xmlChar *str)
+ {
+@@ -2013,18 +2013,21 @@ xmlSchemaPSimpleInternalErr(xmlNodePtr n
+ #define WXS_ERROR_TYPE_ERROR 1
+ #define WXS_ERROR_TYPE_WARNING 2
+ /**
+- * xmlSchemaErr3:
++ * xmlSchemaErr4Line:
+ * @ctxt: the validation context
+- * @node: the context node
++ * @errorLevel: the error level
+ * @error: the error code
++ * @node: the context node
++ * @line: the line number
+ * @msg: the error message
+ * @str1: extra data
+ * @str2: extra data
+ * @str3: extra data
++ * @str4: extra data
+ *
+ * Handle a validation error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(6,0)
+ xmlSchemaErr4Line(xmlSchemaAbstractCtxtPtr ctxt,
+ xmlErrorLevel errorLevel,
+ int error, xmlNodePtr node, int line, const char *msg,
+@@ -2139,7 +2142,7 @@ xmlSchemaErr4Line(xmlSchemaAbstractCtxtP
+ *
+ * Handle a validation error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlSchemaErr3(xmlSchemaAbstractCtxtPtr actxt,
+ int error, xmlNodePtr node, const char *msg,
+ const xmlChar *str1, const xmlChar *str2, const xmlChar *str3)
+@@ -2148,7 +2151,7 @@ xmlSchemaErr3(xmlSchemaAbstractCtxtPtr a
+ msg, str1, str2, str3, NULL);
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlSchemaErr4(xmlSchemaAbstractCtxtPtr actxt,
+ int error, xmlNodePtr node, const char *msg,
+ const xmlChar *str1, const xmlChar *str2,
+@@ -2158,7 +2161,7 @@ xmlSchemaErr4(xmlSchemaAbstractCtxtPtr a
+ msg, str1, str2, str3, str4);
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(4,0)
+ xmlSchemaErr(xmlSchemaAbstractCtxtPtr actxt,
+ int error, xmlNodePtr node, const char *msg,
+ const xmlChar *str1, const xmlChar *str2)
+@@ -2181,7 +2184,7 @@ xmlSchemaFormatNodeForError(xmlChar ** m
+ /*
+ * Don't try to format other nodes than element and
+ * attribute nodes.
+- * Play save and return an empty string.
++ * Play safe and return an empty string.
+ */
+ *msg = xmlStrdup(BAD_CAST "");
+ return(*msg);
+@@ -2262,7 +2265,7 @@ xmlSchemaFormatNodeForError(xmlChar ** m
+ return (*msg);
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlSchemaInternalErr2(xmlSchemaAbstractCtxtPtr actxt,
+ const char *funcName,
+ const char *message,
+@@ -2273,24 +2276,21 @@ xmlSchemaInternalErr2(xmlSchemaAbstractC
+
+ if (actxt == NULL)
+ return;
+- msg = xmlStrdup(BAD_CAST "Internal error: ");
+- msg = xmlStrcat(msg, BAD_CAST funcName);
+- msg = xmlStrcat(msg, BAD_CAST ", ");
++ msg = xmlStrdup(BAD_CAST "Internal error: %s, ");
+ msg = xmlStrcat(msg, BAD_CAST message);
+ msg = xmlStrcat(msg, BAD_CAST ".\n");
+
+ if (actxt->type == XML_SCHEMA_CTXT_VALIDATOR)
+- xmlSchemaErr(actxt, XML_SCHEMAV_INTERNAL, NULL,
+- (const char *) msg, str1, str2);
+-
++ xmlSchemaErr3(actxt, XML_SCHEMAV_INTERNAL, NULL,
++ (const char *) msg, (const xmlChar *) funcName, str1, str2);
+ else if (actxt->type == XML_SCHEMA_CTXT_PARSER)
+- xmlSchemaErr(actxt, XML_SCHEMAP_INTERNAL, NULL,
+- (const char *) msg, str1, str2);
++ xmlSchemaErr3(actxt, XML_SCHEMAP_INTERNAL, NULL,
++ (const char *) msg, (const xmlChar *) funcName, str1, str2);
+
+ FREE_AND_NULL(msg)
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
+ const char *funcName,
+ const char *message)
+@@ -2299,7 +2299,7 @@ xmlSchemaInternalErr(xmlSchemaAbstractCt
+ }
+
+ #if 0
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlSchemaPInternalErr(xmlSchemaParserCtxtPtr pctxt,
+ const char *funcName,
+ const char *message,
+@@ -2311,7 +2311,7 @@ xmlSchemaPInternalErr(xmlSchemaParserCtx
+ }
+ #endif
+
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaCustomErr4(xmlSchemaAbstractCtxtPtr actxt,
+ xmlParserErrors error,
+ xmlNodePtr node,
+@@ -2336,7 +2336,7 @@ xmlSchemaCustomErr4(xmlSchemaAbstractCtx
+ FREE_AND_NULL(msg)
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaCustomErr(xmlSchemaAbstractCtxtPtr actxt,
+ xmlParserErrors error,
+ xmlNodePtr node,
+@@ -2351,7 +2351,7 @@ xmlSchemaCustomErr(xmlSchemaAbstractCtxt
+
+
+
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaCustomWarning(xmlSchemaAbstractCtxtPtr actxt,
+ xmlParserErrors error,
+ xmlNodePtr node,
+@@ -2376,7 +2376,7 @@ xmlSchemaCustomWarning(xmlSchemaAbstract
+
+
+
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaKeyrefErr(xmlSchemaValidCtxtPtr vctxt,
+ xmlParserErrors error,
+ xmlSchemaPSVIIDCNodePtr idcNode,
+@@ -2525,7 +2525,7 @@ xmlSchemaIllegalAttrErr(xmlSchemaAbstrac
+ FREE_AND_NULL(msg)
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaComplexTypeErr(xmlSchemaAbstractCtxtPtr actxt,
+ xmlParserErrors error,
+ xmlNodePtr node,
+@@ -2625,7 +2625,7 @@ xmlSchemaComplexTypeErr(xmlSchemaAbstrac
+ xmlFree(msg);
+ }
+
+-static void
++static void LIBXML_ATTR_FORMAT(8,0)
+ xmlSchemaFacetErr(xmlSchemaAbstractCtxtPtr actxt,
+ xmlParserErrors error,
+ xmlNodePtr node,
+@@ -2916,7 +2916,7 @@ xmlSchemaPIllegalAttrErr(xmlSchemaParser
+ *
+ * Reports an error during parsing.
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaPCustomErrExt(xmlSchemaParserCtxtPtr ctxt,
+ xmlParserErrors error,
+ xmlSchemaBasicItemPtr item,
+@@ -2952,7 +2952,7 @@ xmlSchemaPCustomErrExt(xmlSchemaParserCt
+ *
+ * Reports an error during parsing.
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(5,0)
+ xmlSchemaPCustomErr(xmlSchemaParserCtxtPtr ctxt,
+ xmlParserErrors error,
+ xmlSchemaBasicItemPtr item,
+@@ -2977,7 +2977,7 @@ xmlSchemaPCustomErr(xmlSchemaParserCtxtP
+ *
+ * Reports an attribute use error during parsing.
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(6,0)
+ xmlSchemaPAttrUseErr4(xmlSchemaParserCtxtPtr ctxt,
+ xmlParserErrors error,
+ xmlNodePtr node,
+@@ -3099,7 +3099,7 @@ xmlSchemaPMutualExclAttrErr(xmlSchemaPar
+ * Reports a simple type validation error.
+ * TODO: Should this report the value of an element as well?
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(8,0)
+ xmlSchemaPSimpleTypeErr(xmlSchemaParserCtxtPtr ctxt,
+ xmlParserErrors error,
+ xmlSchemaBasicItemPtr ownerItem ATTRIBUTE_UNUSED,
+Index: libxml2-2.9.2/xmlstring.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlstring.c
++++ libxml2-2.9.2/xmlstring.c
+@@ -545,7 +545,7 @@ xmlStrcat(xmlChar *cur, const xmlChar *a
+ * Returns the number of characters written to @buf or -1 if an error occurs.
+ */
+ int XMLCDECL
+-xmlStrPrintf(xmlChar *buf, int len, const xmlChar *msg, ...) {
++xmlStrPrintf(xmlChar *buf, int len, const char *msg, ...) {
+ va_list args;
+ int ret;
+
+@@ -573,7 +573,7 @@ xmlStrPrintf(xmlChar *buf, int len, cons
+ * Returns the number of characters written to @buf or -1 if an error occurs.
+ */
+ int
+-xmlStrVPrintf(xmlChar *buf, int len, const xmlChar *msg, va_list ap) {
++xmlStrVPrintf(xmlChar *buf, int len, const char *msg, va_list ap) {
+ int ret;
+
+ if((buf == NULL) || (msg == NULL)) {
+Index: libxml2-2.9.2/xmlwriter.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlwriter.c
++++ libxml2-2.9.2/xmlwriter.c
+@@ -113,7 +113,7 @@ static int xmlTextWriterWriteDocCallback
+ const xmlChar * str, int len);
+ static int xmlTextWriterCloseDocCallback(void *context);
+
+-static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr);
++static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr) LIBXML_ATTR_FORMAT(1,0);
+ static int xmlOutputBufferWriteBase64(xmlOutputBufferPtr out, int len,
+ const unsigned char *data);
+ static void xmlTextWriterStartDocumentCallback(void *ctx);
+@@ -153,7 +153,7 @@ xmlWriterErrMsg(xmlTextWriterPtr ctxt, x
+ *
+ * Handle a writer error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlWriterErrMsgInt(xmlTextWriterPtr ctxt, xmlParserErrors error,
+ const char *msg, int val)
+ {
+Index: libxml2-2.9.2/xpath.c
+===================================================================
+--- libxml2-2.9.2.orig/xpath.c
++++ libxml2-2.9.2/xpath.c
+@@ -639,7 +639,7 @@ xmlXPathErrMemory(xmlXPathContextPtr ctx
+ xmlChar buf[200];
+
+ xmlStrPrintf(buf, 200,
+- BAD_CAST "Memory allocation failed : %s\n",
++ "Memory allocation failed : %s\n",
+ extra);
+ ctxt->lastError.message = (char *) xmlStrdup(buf);
+ } else {
+Index: libxml2-2.9.2/xpointer.c
+===================================================================
+--- libxml2-2.9.2.orig/xpointer.c
++++ libxml2-2.9.2/xpointer.c
+@@ -85,7 +85,7 @@ xmlXPtrErrMemory(const char *extra)
+ *
+ * Handle a redefinition of attribute error
+ */
+-static void
++static void LIBXML_ATTR_FORMAT(3,0)
+ xmlXPtrErr(xmlXPathParserContextPtr ctxt, int error,
+ const char * msg, const xmlChar *extra)
+ {
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch
new file mode 100644
index 0000000000..bfea8fde55
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch
@@ -0,0 +1,208 @@
+From 502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b Mon Sep 17 00:00:00 2001
+From: David Kilzer <ddkilzer@apple.com>
+Date: Mon, 23 May 2016 14:58:41 +0800
+Subject: [PATCH] More format string warnings with possible format string
+ vulnerability
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=761029
+
+adds a new xmlEscapeFormatString() function to escape composed format
+strings
+
+Upstream-Status: Backport
+CVE: CVE-2016-4448 patch #2
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libxml.h | 3 +++
+ relaxng.c | 3 ++-
+ xmlschemas.c | 39 ++++++++++++++++++++++++++-------------
+ xmlstring.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 86 insertions(+), 14 deletions(-)
+
+Index: libxml2-2.9.2/libxml.h
+===================================================================
+--- libxml2-2.9.2.orig/libxml.h
++++ libxml2-2.9.2/libxml.h
+@@ -9,6 +9,8 @@
+ #ifndef __XML_LIBXML_H__
+ #define __XML_LIBXML_H__
+
++#include <libxml/xmlstring.h>
++
+ #ifndef NO_LARGEFILE_SOURCE
+ #ifndef _LARGEFILE_SOURCE
+ #define _LARGEFILE_SOURCE
+@@ -96,6 +98,7 @@ int __xmlInitializeDict(void);
+ int __xmlRandom(void);
+ #endif
+
++XMLPUBFUN xmlChar * XMLCALL xmlEscapeFormatString(xmlChar **msg);
+ int xmlNop(void);
+
+ #ifdef IN_LIBXML
+Index: libxml2-2.9.2/relaxng.c
+===================================================================
+--- libxml2-2.9.2.orig/relaxng.c
++++ libxml2-2.9.2/relaxng.c
+@@ -2215,7 +2215,8 @@ xmlRelaxNGGetErrorString(xmlRelaxNGValid
+ snprintf(msg, 1000, "Unknown error code %d\n", err);
+ }
+ msg[1000 - 1] = 0;
+- return (xmlStrdup((xmlChar *) msg));
++ xmlChar *result = xmlCharStrdup(msg);
++ return (xmlEscapeFormatString(&result));
+ }
+
+ /**
+Index: libxml2-2.9.2/xmlschemas.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlschemas.c
++++ libxml2-2.9.2/xmlschemas.c
+@@ -1769,7 +1769,7 @@ xmlSchemaFormatItemForReport(xmlChar **b
+ }
+ FREE_AND_NULL(str)
+
+- return (*buf);
++ return (xmlEscapeFormatString(buf));
+ }
+
+ /**
+@@ -2249,6 +2249,13 @@ xmlSchemaFormatNodeForError(xmlChar ** m
+ TODO
+ return (NULL);
+ }
++
++ /*
++ * xmlSchemaFormatItemForReport() also returns an escaped format
++ * string, so do this before calling it below (in the future).
++ */
++ xmlEscapeFormatString(msg);
++
+ /*
+ * VAL TODO: The output of the given schema component is currently
+ * disabled.
+@@ -2476,11 +2483,13 @@ xmlSchemaSimpleTypeErr(xmlSchemaAbstract
+ msg = xmlStrcat(msg, BAD_CAST " '");
+ if (type->builtInType != 0) {
+ msg = xmlStrcat(msg, BAD_CAST "xs:");
+- msg = xmlStrcat(msg, type->name);
+- } else
+- msg = xmlStrcat(msg,
+- xmlSchemaFormatQName(&str,
+- type->targetNamespace, type->name));
++ str = xmlStrdup(type->name);
++ } else {
++ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
++ if (!str)
++ str = xmlStrdup(qName);
++ }
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
+ msg = xmlStrcat(msg, BAD_CAST "'");
+ FREE_AND_NULL(str);
+ }
+@@ -2617,7 +2626,7 @@ xmlSchemaComplexTypeErr(xmlSchemaAbstrac
+ str = xmlStrcat(str, BAD_CAST ", ");
+ }
+ str = xmlStrcat(str, BAD_CAST " ).\n");
+- msg = xmlStrcat(msg, BAD_CAST str);
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
+ FREE_AND_NULL(str)
+ } else
+ msg = xmlStrcat(msg, BAD_CAST "\n");
+@@ -3141,11 +3150,13 @@ xmlSchemaPSimpleTypeErr(xmlSchemaParserC
+ msg = xmlStrcat(msg, BAD_CAST " '");
+ if (type->builtInType != 0) {
+ msg = xmlStrcat(msg, BAD_CAST "xs:");
+- msg = xmlStrcat(msg, type->name);
+- } else
+- msg = xmlStrcat(msg,
+- xmlSchemaFormatQName(&str,
+- type->targetNamespace, type->name));
++ str = xmlStrdup(type->name);
++ } else {
++ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
++ if (!str)
++ str = xmlStrdup(qName);
++ }
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
+ msg = xmlStrcat(msg, BAD_CAST "'.");
+ FREE_AND_NULL(str);
+ }
+@@ -3158,7 +3169,9 @@ xmlSchemaPSimpleTypeErr(xmlSchemaParserC
+ }
+ if (expected) {
+ msg = xmlStrcat(msg, BAD_CAST " Expected is '");
+- msg = xmlStrcat(msg, BAD_CAST expected);
++ xmlChar *expectedEscaped = xmlCharStrdup(expected);
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&expectedEscaped));
++ FREE_AND_NULL(expectedEscaped);
+ msg = xmlStrcat(msg, BAD_CAST "'.\n");
+ } else
+ msg = xmlStrcat(msg, BAD_CAST "\n");
+Index: libxml2-2.9.2/xmlstring.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlstring.c
++++ libxml2-2.9.2/xmlstring.c
+@@ -987,5 +987,60 @@ xmlUTF8Strsub(const xmlChar *utf, int st
+ return(xmlUTF8Strndup(utf, len));
+ }
+
++/**
++ * xmlEscapeFormatString:
++ * @msg: a pointer to the string in which to escape '%' characters.
++ * Must be a heap-allocated buffer created by libxml2 that may be
++ * returned, or that may be freed and replaced.
++ *
++ * Replaces the string pointed to by 'msg' with an escaped string.
++ * Returns the same string with all '%' characters escaped.
++ */
++xmlChar *
++xmlEscapeFormatString(xmlChar **msg)
++{
++ xmlChar *msgPtr = NULL;
++ xmlChar *result = NULL;
++ xmlChar *resultPtr = NULL;
++ size_t count = 0;
++ size_t msgLen = 0;
++ size_t resultLen = 0;
++
++ if (!msg || !*msg)
++ return(NULL);
++
++ for (msgPtr = *msg; *msgPtr != '\0'; ++msgPtr) {
++ ++msgLen;
++ if (*msgPtr == '%')
++ ++count;
++ }
++
++ if (count == 0)
++ return(*msg);
++
++ resultLen = msgLen + count + 1;
++ result = (xmlChar *) xmlMallocAtomic(resultLen * sizeof(xmlChar));
++ if (result == NULL) {
++ /* Clear *msg to prevent format string vulnerabilities in
++ out-of-memory situations. */
++ xmlFree(*msg);
++ *msg = NULL;
++ xmlErrMemory(NULL, NULL);
++ return(NULL);
++ }
++
++ for (msgPtr = *msg, resultPtr = result; *msgPtr != '\0'; ++msgPtr, ++resultPtr) {
++ *resultPtr = *msgPtr;
++ if (*msgPtr == '%')
++ *(++resultPtr) = '%';
++ }
++ result[resultLen - 1] = '\0';
++
++ xmlFree(*msg);
++ *msg = result;
++
++ return *msg;
++}
++
+ #define bottom_xmlstring
+ #include "elfgcchack.h"
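Review bot: The header comment added for xmlEscapeFormatString() in the xmlstring.c part of CVE-2016-4448_2.patch does not document the failure path: when xmlMallocAtomic() fails the function frees `*msg`, sets it to NULL and returns NULL, and it also returns NULL when `msg` or `*msg` is NULL. The new call sites use that result directly (`return (xmlEscapeFormatString(buf));` in xmlSchemaFormatItemForReport, the same pattern in xmlRelaxNGGetErrorString, and the bare `xmlEscapeFormatString(msg);` in xmlSchemaFormatNodeForError), so their callers, which lie outside these hunks, presumably have to tolerate a NULL string. I would extend the comment with `Returns the escaped string, or NULL if @msg or *@msg is NULL or if memory allocation fails; on allocation failure *@msg is freed and set to NULL.` so the contract is stated where the function is defined. Separately, `xmlChar *result = xmlCharStrdup(msg);` in relaxng.c and `xmlChar *expectedEscaped = xmlCharStrdup(expected);` in xmlSchemaPSimpleTypeErr are declared after statements, which strict C89 compilers do not accept; hoisting both declarations to the top of their blocks avoids that.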
diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb b/meta/recipes-core/libxml/libxml2_2.9.2.bb
index c7db1de14e..e221a4f702 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.2.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb
@@ -18,6 +18,8 @@ SRC_URI += "file://CVE-2016-1762.patch \
file://CVE-2016-1833.patch \
file://CVE-2016-3627.patch \
file://CVE-2016-4447.patch \
+ file://CVE-2016-4448_1.patch \
+ file://CVE-2016-4448_2.patch \
"
SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"