From 9f72e64f0d6971ea7e115504b76e7bfcc3406d1b Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Tue, 19 Dec 2023 14:16:35 +0800
Subject: [PATCH] backport upstream patches
---
 ...ix-buffering-in-xmlOutputBufferWrite.patch | 67 ++++++++++++
 ...Fix-return-value-of-xmlCharEncOutput.patch | 100 ++++++++++++++++++
 libxml2.spec | 12 ++-
 3 files changed, 177 insertions(+), 2 deletions(-)
 create mode 100644 backport-Fix-buffering-in-xmlOutputBufferWrite.patch
 create mode 100644 backport-Fix-return-value-of-xmlCharEncOutput.patch
diff --git a/backport-Fix-buffering-in-xmlOutputBufferWrite.patch b/backport-Fix-buffering-in-xmlOutputBufferWrite.patch
new file mode 100644
index 0000000..810f6fa
--- /dev/null
+++ b/backport-Fix-buffering-in-xmlOutputBufferWrite.patch
@@ -0,0 +1,67 @@
+From dea91c97debeac7c1aaf9c19f79029809e23a353 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Tue, 27 Jul 2021 16:12:54 +0200
+Subject: [PATCH] Fix buffering in xmlOutputBufferWrite
+
+Fix a regression introduced with commit a697ed1e which caused
+xmlOutputBufferWrite to flush internal buffers too late.
+
+Fixes #296.
+
+Reference:https://github.com/GNOME/libxml2/commit/dea91c97debeac7c1aaf9c19f79029809e23a353
+Conflict:NA
+
+---
+ xmlIO.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/xmlIO.c b/xmlIO.c
+index 57312b97..f20c0fa0 100644
+--- a/xmlIO.c
++++ b/xmlIO.c
+@@ -3401,12 +3401,18 @@ xmlOutputBufferWrite(xmlOutputBufferPtr out, int len, const char *buf) {
+ out->error = XML_IO_ENCODER;
+ return(-1);
+ }
+- nbchars = ret >= 0 ? ret : 0;
++ if (out->writecallback)
++ nbchars = xmlBufUse(out->conv);
++ else
++ nbchars = ret >= 0 ? ret : 0;
+ } else {
+ ret = xmlBufAdd(out->buffer, (const xmlChar *) buf, chunk);
+ if (ret != 0)
+ return(-1);
+- nbchars = chunk;
++ if (out->writecallback)
++ nbchars = xmlBufUse(out->buffer);
++ else
++ nbchars = chunk;
+ }
+ buf += chunk;
+ len -= chunk;
+@@ -3593,13 +3599,19 @@ xmlOutputBufferWriteEscape(xmlOutputBufferPtr out, const xmlChar *str,
+ out->error = XML_IO_ENCODER;
+ return(-1);
+ }
+- nbchars = ret >= 0 ? ret : 0;
++ if (out->writecallback)
++ nbchars = xmlBufUse(out->conv);
++ else
++ nbchars = ret >= 0 ? ret : 0;
+ } else {
+ ret = escaping(xmlBufEnd(out->buffer), &chunk, str, &cons);
+ if ((ret < 0) || (chunk == 0)) /* chunk==0 => nothing done */
+ return(-1);
+ xmlBufAddLen(out->buffer, chunk);
+- nbchars = chunk;
++ if (out->writecallback)
++ nbchars = xmlBufUse(out->buffer);
++ else
++ nbchars = chunk;
+ }
+ str += cons;
+ len -= cons;
+--
+2.27.0
+
diff --git a/backport-Fix-return-value-of-xmlCharEncOutput.patch b/backport-Fix-return-value-of-xmlCharEncOutput.patch
new file mode 100644
index 0000000..7862776
--- /dev/null
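Review bot: The restored `if (out->writecallback)` branches give `nbchars` two different meanings without a comment: the total bytes pending in `out->conv` or `out->buffer` when a write callback is set, and the bytes produced by this chunk otherwise. This applies to both embedded xmlIO.c hunks (xmlOutputBufferWrite and xmlOutputBufferWriteEscape), whose bodies start and end outside the hunks. I would add a comment above each branch, for example `/* with a write callback the flush decision needs the total buffered size, not just this chunk */`. In addition, `xmlBufUse()` returns a `size_t` that is stored in `nbchars`, declared outside the hunk; if that variable is an `int`, confirm the buffered size cannot exceed INT_MAX before it is used.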
+++ b/backport-Fix-return-value-of-xmlCharEncOutput.patch 
@@ -0,0 +1,100 @@
+From a697ed1e24234a9e6a4a4639555dcca230f752c1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Mon, 15 Jun 2020 14:49:22 +0200
+Subject: [PATCH] Fix return value of xmlCharEncOutput
+
+Commit 407b393d introduced a regression caused by xmlCharEncOutput
+returning 0 in case of success instead of the number of bytes written.
+Always use its return value for nbchars in xmlOutputBufferWrite.
+
+Fixes #166.
+
+Reference:https://github.com/GNOME/libxml2/commit/a697ed1e24234a9e6a4a4639555dcca230f752c1
+Conflict:NA
+
+---
+ encoding.c | 6 +++---
+ xmlIO.c | 20 ++++----------------
+ 2 files changed, 7 insertions(+), 19 deletions(-)
+
+diff --git a/encoding.c b/encoding.c
+index 65c58894..8b6f349c 100644
+--- a/encoding.c
++++ b/encoding.c
+@@ -2394,7 +2394,7 @@ xmlCharEncOutput(xmlOutputBufferPtr output, int init)
+ {
+ int ret;
+ size_t written;
+- size_t writtentot = 0;
++ int writtentot = 0;
+ size_t toconv;
+ int c_in;
+ int c_out;
+@@ -2427,7 +2427,7 @@ retry:
+ xmlGenericError(xmlGenericErrorContext,
+ "initialized encoder\n");
+ #endif
+- return(0);
++ return(c_out);
+ }
+
+ /*
+@@ -2540,7 +2540,7 @@ retry:
+ goto retry;
+ }
+ }
+- return(ret);
++ return(writtentot ? writtentot : ret);
+ }
+ #endif
+
+diff --git a/xmlIO.c b/xmlIO.c
+index 7827dcf3..57312b97 100644
+--- a/xmlIO.c
++++ b/xmlIO.c
+@@ -3401,18 +3401,12 @@ xmlOutputBufferWrite(xmlOutputBufferPtr out, int len, const char *buf) {
+ out->error = XML_IO_ENCODER;
+ return(-1);
+ }
+- if (out->writecallback)
+- nbchars = xmlBufUse(out->conv);
+- else
+- nbchars = ret;
++ nbchars = ret >= 0 ? ret : 0;
+ } else {
+ ret = xmlBufAdd(out->buffer, (const xmlChar *) buf, chunk);
+ if (ret != 0)
+ return(-1);
+- if (out->writecallback)
+- nbchars = xmlBufUse(out->buffer);
+- else
+- nbchars = chunk;
++ nbchars = chunk;
+ }
+ buf += chunk;
+ len -= chunk;
+@@ -3599,19 +3593,13 @@ xmlOutputBufferWriteEscape(xmlOutputBufferPtr out, const xmlChar *str,
+ out->error = XML_IO_ENCODER;
+ return(-1);
+ }
+- if (out->writecallback)
+- nbchars = xmlBufUse(out->conv);
+- else
+- nbchars = ret;
++ nbchars = ret >= 0 ? ret : 0;
+ } else {
+ ret = escaping(xmlBufEnd(out->buffer), &chunk, str, &cons);
+ if ((ret < 0) || (chunk == 0)) /* chunk==0 => nothing done */
+ return(-1);
+ xmlBufAddLen(out->buffer, chunk);
+- if (out->writecallback)
+- nbchars = xmlBufUse(out->buffer);
+- else
+- nbchars = chunk;
++ nbchars = chunk;
+ }
+ str += cons;
+ len -= cons;
+--
+2.27.0
+
diff --git a/libxml2.spec b/libxml2.spec
index 287b0dc..c6b0223 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.10
-Release: 36
+Release: 37
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -135,6 +135,8 @@ Patch121:backport-Fix-old-SAX1-parser-with-custom-callbacks.patch
 Patch122:backport-Always-initialize-SAX1-element-handlers.patch
 Patch123:backport-malloc-fail-Fix-memory-leak-in-xmlStaticCopyNodeList.patch
 Patch124:backport-CVE-2023-45322.patch
+Patch125:backport-Fix-return-value-of-xmlCharEncOutput.patch
+Patch126:backport-Fix-buffering-in-xmlOutputBufferWrite.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python2-devel
@@ -326,7 +328,13 @@ rm -fr %{buildroot}
 %changelog
-* Mon Oct 16 hehuazhen - 2.9.10-35
+* Tue Dec 19 2023 fuanan - 2.9.10-37
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport upstream patches
+
+* Mon Oct 16 2023 hehuazhen - 2.9.10-36
 - Type:CVE
 - CVE:CVE-2023-45322
 - SUG:NA
--
Gitee
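Review bot: In the embedded encoding.c patch, `return(writtentot ? writtentot : ret);` returns a positive byte count whenever anything was written, so a negative `ret` from a later conversion step appears to be dropped, while the xmlIO.c callers seem to set `XML_IO_ENCODER` from the returned value only. The loop between `retry:` and this return is outside the hunk, so please confirm that no error path reaches it with `writtentot != 0`, or document the contract with a comment such as `/* bytes written take precedence over ret; an error after a partial write is not reported here */`. `writtentot` also changes from `size_t` to `int` and its accumulation is not visible here, so it is worth checking that the total cannot exceed INT_MAX. This patch removes the `out->writecallback` branches that the other backport restores, so the two need to stay in the Patch125-then-Patch126 order listed in libxml2.spec.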