From 1d696f0403493f4b80c577649fbf83b091f33407 Mon Sep 17 00:00:00 2001
From: Sandro Mani <manisandro@gmail.com>
Date: Fri, 18 Feb 2022 21:40:13 +0100
Subject: [PATCH] Update to 2.9.12

---
 .gitignore                                    |   1 +
 libxml2-2.9.10-CVE-2020-24977.patch           |  36 ----
 libxml2-2.9.10-fix-integer-overflow.patch     |  41 ----
 ...ml2-2.9.12-fix-formatting-regression.patch |  31 +++
 libxml2-2.9.12-fix-lxml-corrupted-tree.patch  | 188 ++++++++++++++++++
 libxml2-2.9.8-python3-unicode-errors.patch    |  11 +-
 libxml2-multilib.patch                        |  24 ---
 mingw-libxml2-2.9.10-CVE-2019-20388.patch     |  33 ---
 mingw-libxml2-2.9.10-CVE-2020-7595.patch      |  32 ---
 ...relaxed-approach-to-nested-documents.patch |  33 ---
 mingw-libxml2.spec                            |  38 ++--
 sources                                       |   2 +-
 12 files changed, 247 insertions(+), 223 deletions(-)
 delete mode 100644 libxml2-2.9.10-CVE-2020-24977.patch
 delete mode 100644 libxml2-2.9.10-fix-integer-overflow.patch
 create mode 100644 libxml2-2.9.12-fix-formatting-regression.patch
 create mode 100644 libxml2-2.9.12-fix-lxml-corrupted-tree.patch
 delete mode 100644 libxml2-multilib.patch
 delete mode 100644 mingw-libxml2-2.9.10-CVE-2019-20388.patch
 delete mode 100644 mingw-libxml2-2.9.10-CVE-2020-7595.patch
 delete mode 100644 mingw-libxml2-2.9.10-fix-relaxed-approach-to-nested-documents.patch

diff --git a/.gitignore b/.gitignore
index 654f66c..f9a6ee3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ libxml2-2.7.6.tar.gz
 /libxml2-2.9.3.tar.gz
 /libxml2-2.9.9.tar.gz
 /libxml2-2.9.10.tar.gz
+/libxml2-v2.9.12.tar.bz2
diff --git a/libxml2-2.9.10-CVE-2020-24977.patch b/libxml2-2.9.10-CVE-2020-24977.patch
deleted file mode 100644
index 67ef0ac..0000000
--- a/libxml2-2.9.10-CVE-2020-24977.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 7 Aug 2020 21:54:27 +0200
-Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
-
-Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
-array access.
-
-Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
-the report.
-
-Fixes #178.
----
- xmllint.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/xmllint.c b/xmllint.c
-index f6a8e463..c647486f 100644
---- a/xmllint.c
-+++ b/xmllint.c
-@@ -528,6 +528,12 @@ static void
- xmlHTMLEncodeSend(void) {
-     char *result;
- 
-+    /*
-+     * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
-+     * end with a truncated UTF-8 sequence. This is a hack to at least avoid
-+     * an out-of-bounds read.
-+     */
-+    memset(&buffer[sizeof(buffer)-4], 0, 4);
-     result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
-     if (result) {
- 	xmlGenericError(xmlGenericErrorContext, "%s", result);
--- 
-2.28.0.rc2
-
diff --git a/libxml2-2.9.10-fix-integer-overflow.patch b/libxml2-2.9.10-fix-integer-overflow.patch
deleted file mode 100644
index b5a7bec..0000000
--- a/libxml2-2.9.10-fix-integer-overflow.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 8e7c20a1af8776677d7890f30b7a180567701a49 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 3 Aug 2020 17:30:41 +0200
-Subject: [PATCH] Fix integer overflow when comparing schema dates
-
-Found by OSS-Fuzz.
----
- xmlschemastypes.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/xmlschemastypes.c b/xmlschemastypes.c
-index 4249d700..d6b9f924 100644
---- a/xmlschemastypes.c
-+++ b/xmlschemastypes.c
-@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
- 	minday = 0;
- 	maxday = 0;
-     } else {
-+        if (myear > LONG_MAX / 366)
-+            return -2;
-         /* FIXME: This doesn't take leap year exceptions every 100/400 years
-            into account. */
- 	maxday = 365 * myear + (myear + 3) / 4;
-@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
-     if ((x == NULL) || (y == NULL))
-         return -2;
- 
-+    if ((x->value.date.year > LONG_MAX / 366) ||
-+        (x->value.date.year < LONG_MIN / 366) ||
-+        (y->value.date.year > LONG_MAX / 366) ||
-+        (y->value.date.year < LONG_MIN / 366)) {
-+        /* Possible overflow when converting to days. */
-+        return -2;
-+    }
-+
-     if (x->value.date.tz_flag) {
- 
-         if (!y->value.date.tz_flag) {
--- 
-2.28.0.rc2
-
diff --git a/libxml2-2.9.12-fix-formatting-regression.patch b/libxml2-2.9.12-fix-formatting-regression.patch
new file mode 100644
index 0000000..6419a76
--- /dev/null
+++ b/libxml2-2.9.12-fix-formatting-regression.patch
@@ -0,0 +1,31 @@
+diff -rupN --no-dereference libxml2-v2.9.12/xmlsave.c libxml2-v2.9.12-new/xmlsave.c
+--- libxml2-v2.9.12/xmlsave.c	2022-02-18 21:00:14.226540564 +0100
++++ libxml2-v2.9.12-new/xmlsave.c	2022-02-18 21:00:14.229540592 +0100
+@@ -890,6 +890,13 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr
+             break;
+ 
+         case XML_ELEMENT_NODE:
++	    if ((cur != root) && (ctxt->format == 1) &&
++                (xmlIndentTreeOutput))
++		xmlOutputBufferWrite(buf, ctxt->indent_size *
++				     (ctxt->level > ctxt->indent_nr ?
++				      ctxt->indent_nr : ctxt->level),
++				     ctxt->indent);
++
+             /*
+              * Some users like lxml are known to pass nodes with a corrupted
+              * tree structure. Fall back to a recursive call to handle this
+@@ -900,13 +907,6 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr
+                 break;
+             }
+ 
+-	    if ((ctxt->level > 0) && (ctxt->format == 1) &&
+-                (xmlIndentTreeOutput))
+-		xmlOutputBufferWrite(buf, ctxt->indent_size *
+-				     (ctxt->level > ctxt->indent_nr ?
+-				      ctxt->indent_nr : ctxt->level),
+-				     ctxt->indent);
+-
+             xmlOutputBufferWrite(buf, 1, "<");
+             if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) {
+                 xmlOutputBufferWriteString(buf, (const char *)cur->ns->prefix);
diff --git a/libxml2-2.9.12-fix-lxml-corrupted-tree.patch b/libxml2-2.9.12-fix-lxml-corrupted-tree.patch
new file mode 100644
index 0000000..97722d7
--- /dev/null
+++ b/libxml2-2.9.12-fix-lxml-corrupted-tree.patch
@@ -0,0 +1,188 @@
+diff -rupN --no-dereference libxml2-v2.9.12/HTMLtree.c libxml2-v2.9.12-new/HTMLtree.c
+--- libxml2-v2.9.12/HTMLtree.c	2021-05-13 20:56:16.000000000 +0200
++++ libxml2-v2.9.12-new/HTMLtree.c	2022-02-18 21:00:14.021538664 +0100
+@@ -744,7 +744,7 @@ void
+ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ 	                 xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED,
+                          int format) {
+-    xmlNodePtr root;
++    xmlNodePtr root, parent;
+     xmlAttrPtr attr;
+     const htmlElemDesc * info;
+ 
+@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+     }
+ 
+     root = cur;
++    parent = cur->parent;
+     while (1) {
+         switch (cur->type) {
+         case XML_HTML_DOCUMENT_NODE:
+@@ -762,7 +763,9 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+             if (((xmlDocPtr) cur)->intSubset != NULL) {
+                 htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL);
+             }
+-            if (cur->children != NULL) {
++            /* Always validate cur->parent when descending. */
++            if ((cur->parent == parent) && (cur->children != NULL)) {
++                parent = cur;
+                 cur = cur->children;
+                 continue;
+             }
+@@ -770,6 +773,16 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+ 
+         case XML_ELEMENT_NODE:
+             /*
++             * Some users like lxml are known to pass nodes with a corrupted
++             * tree structure. Fall back to a recursive call to handle this
++             * case.
++             */
++            if ((cur->parent != parent) && (cur->children != NULL)) {
++                htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format);
++                break;
++            }
++
++            /*
+              * Get specific HTML info for that node.
+              */
+             if (cur->ns == NULL)
+@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+                     (cur->name != NULL) &&
+                     (cur->name[0] != 'p')) /* p, pre, param */
+                     xmlOutputBufferWriteString(buf, "\n");
++                parent = cur;
+                 cur = cur->children;
+                 continue;
+             }
+@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+                 (info != NULL) && (!info->isinline)) {
+                 if ((cur->next->type != HTML_TEXT_NODE) &&
+                     (cur->next->type != HTML_ENTITY_REF_NODE) &&
+-                    (cur->parent != NULL) &&
+-                    (cur->parent->name != NULL) &&
+-                    (cur->parent->name[0] != 'p')) /* p, pre, param */
++                    (parent != NULL) &&
++                    (parent->name != NULL) &&
++                    (parent->name[0] != 'p')) /* p, pre, param */
+                     xmlOutputBufferWriteString(buf, "\n");
+             }
+ 
+@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+                 break;
+             if (((cur->name == (const xmlChar *)xmlStringText) ||
+                  (cur->name != (const xmlChar *)xmlStringTextNoenc)) &&
+-                ((cur->parent == NULL) ||
+-                 ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) &&
+-                  (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) {
++                ((parent == NULL) ||
++                 ((xmlStrcasecmp(parent->name, BAD_CAST "script")) &&
++                  (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) {
+                 xmlChar *buffer;
+ 
+                 buffer = xmlEncodeEntitiesReentrant(doc, cur->content);
+@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+                 break;
+             }
+ 
+-            /*
+-             * The parent should never be NULL here but we want to handle
+-             * corrupted documents gracefully.
+-             */
+-            if (cur->parent == NULL)
+-                return;
+-            cur = cur->parent;
++            cur = parent;
++            /* cur->parent was validated when descending. */
++            parent = cur->parent;
+ 
+             if ((cur->type == XML_HTML_DOCUMENT_NODE) ||
+                 (cur->type == XML_DOCUMENT_NODE)) {
+@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBuffer
+                     (cur->next != NULL)) {
+                     if ((cur->next->type != HTML_TEXT_NODE) &&
+                         (cur->next->type != HTML_ENTITY_REF_NODE) &&
+-                        (cur->parent != NULL) &&
+-                        (cur->parent->name != NULL) &&
+-                        (cur->parent->name[0] != 'p')) /* p, pre, param */
++                        (parent != NULL) &&
++                        (parent->name != NULL) &&
++                        (parent->name[0] != 'p')) /* p, pre, param */
+                         xmlOutputBufferWriteString(buf, "\n");
+                 }
+             }
+diff -rupN --no-dereference libxml2-v2.9.12/xmlsave.c libxml2-v2.9.12-new/xmlsave.c
+--- libxml2-v2.9.12/xmlsave.c	2021-05-13 20:56:16.000000000 +0200
++++ libxml2-v2.9.12-new/xmlsave.c	2022-02-18 21:00:14.022538674 +0100
+@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPt
+ static void
+ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+     int format = ctxt->format;
+-    xmlNodePtr tmp, root, unformattedNode = NULL;
++    xmlNodePtr tmp, root, unformattedNode = NULL, parent;
+     xmlAttrPtr attr;
+     xmlChar *start, *end;
+     xmlOutputBufferPtr buf;
+@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr
+     buf = ctxt->buf;
+ 
+     root = cur;
++    parent = cur->parent;
+     while (1) {
+         switch (cur->type) {
+         case XML_DOCUMENT_NODE:
+@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr
+             break;
+ 
+         case XML_DOCUMENT_FRAG_NODE:
+-            if (cur->children != NULL) {
++            /* Always validate cur->parent when descending. */
++            if ((cur->parent == parent) && (cur->children != NULL)) {
++                parent = cur;
+                 cur = cur->children;
+                 continue;
+             }
+@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr
+             break;
+ 
+         case XML_ELEMENT_NODE:
+-	    if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput))
++            /*
++             * Some users like lxml are known to pass nodes with a corrupted
++             * tree structure. Fall back to a recursive call to handle this
++             * case.
++             */
++            if ((cur->parent != parent) && (cur->children != NULL)) {
++                xmlNodeDumpOutputInternal(ctxt, cur);
++                break;
++            }
++
++	    if ((ctxt->level > 0) && (ctxt->format == 1) &&
++                (xmlIndentTreeOutput))
+ 		xmlOutputBufferWrite(buf, ctxt->indent_size *
+ 				     (ctxt->level > ctxt->indent_nr ?
+ 				      ctxt->indent_nr : ctxt->level),
+@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr
+                 xmlOutputBufferWrite(buf, 1, ">");
+                 if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n");
+                 if (ctxt->level >= 0) ctxt->level++;
++                parent = cur;
+                 cur = cur->children;
+                 continue;
+             }
+@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr
+                 break;
+             }
+ 
+-            /*
+-             * The parent should never be NULL here but we want to handle
+-             * corrupted documents gracefully.
+-             */
+-            if (cur->parent == NULL)
+-                return;
+-            cur = cur->parent;
++            cur = parent;
++            /* cur->parent was validated when descending. */
++            parent = cur->parent;
+ 
+             if (cur->type == XML_ELEMENT_NODE) {
+                 if (ctxt->level > 0) ctxt->level--;
diff --git a/libxml2-2.9.8-python3-unicode-errors.patch b/libxml2-2.9.8-python3-unicode-errors.patch
index e87dcde..adbc097 100644
--- a/libxml2-2.9.8-python3-unicode-errors.patch
+++ b/libxml2-2.9.8-python3-unicode-errors.patch
@@ -1,8 +1,7 @@
-Index: libxml2-2.9.5/python/libxml.c
-===================================================================
---- libxml2-2.9.5.orig/python/libxml.c
-+++ libxml2-2.9.5/python/libxml.c
-@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+diff -rupN --no-dereference libxml2-v2.9.12/python/libxml.c libxml2-v2.9.12-new/python/libxml.c
+--- libxml2-v2.9.12/python/libxml.c	2021-05-13 20:56:16.000000000 +0200
++++ libxml2-v2.9.12-new/python/libxml.c	2022-02-18 21:00:13.813536737 +0100
+@@ -1621,6 +1621,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
      PyObject *message;
      PyObject *result;
      char str[1000];
@@ -10,7 +9,7 @@ Index: libxml2-2.9.5/python/libxml.c
  
  #ifdef DEBUG_ERROR
      printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
-@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+@@ -1637,12 +1638,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
  	    str[999] = 0;
          va_end(ap);
  
diff --git a/libxml2-multilib.patch b/libxml2-multilib.patch
deleted file mode 100644
index 138d38f..0000000
--- a/libxml2-multilib.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-*** XML/xml2-config.in.orig	2006-06-06 16:35:56.000000000 +0200
---- XML/xml2-config.in	2006-06-06 16:36:24.000000000 +0200
-***************
-*** 3,9 ****
-  prefix=@prefix@
-  exec_prefix=@exec_prefix@
-  includedir=@includedir@
-! libdir=@libdir@
-  
-  usage()
-  {
---- 3,14 ----
-  prefix=@prefix@
-  exec_prefix=@exec_prefix@
-  includedir=@includedir@
-! if [ "`ldd /bin/sh | grep lib64`" = "" ]
-! then
-!     libdir=${exec_prefix}/lib
-! else
-!     libdir=${exec_prefix}/lib64
-! fi
-  
-  usage()
-  {
diff --git a/mingw-libxml2-2.9.10-CVE-2019-20388.patch b/mingw-libxml2-2.9.10-CVE-2019-20388.patch
deleted file mode 100644
index 3763354..0000000
--- a/mingw-libxml2-2.9.10-CVE-2019-20388.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Tue, 20 Aug 2019 16:33:06 +0800
-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
-
-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
-vctxt->xsiAssemble to 0 again which cause the alloced schema
-can not be freed anymore.
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- xmlschemas.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xmlschemas.c b/xmlschemas.c
-index 301c8449..39d92182 100644
---- a/xmlschemas.c
-+++ b/xmlschemas.c
-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
-     vctxt->nberrors = 0;
-     vctxt->depth = -1;
-     vctxt->skipDepth = -1;
--    vctxt->xsiAssemble = 0;
-     vctxt->hasKeyrefs = 0;
- #ifdef ENABLE_IDC_NODE_TABLES_TEST
-     vctxt->createIDCNodeTables = 1;
--- 
-2.24.1
-
diff --git a/mingw-libxml2-2.9.10-CVE-2020-7595.patch b/mingw-libxml2-2.9.10-CVE-2020-7595.patch
deleted file mode 100644
index 3dd6774..0000000
--- a/mingw-libxml2-2.9.10-CVE-2020-7595.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Thu, 12 Dec 2019 17:30:55 +0800
-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
-
-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
-return NULL which cause a infinite loop in xmlStringLenDecodeEntities
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index d1c31963..a34bb6cd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
-     else
-         c = 0;
-     while ((c != 0) && (c != end) && /* non input consuming loop */
--	   (c != end2) && (c != end3)) {
-+           (c != end2) && (c != end3) &&
-+           (ctxt->instate != XML_PARSER_EOF)) {
- 
- 	if (c == 0) break;
-         if ((c == '&') && (str[1] == '#')) {
--- 
-2.24.1
-
diff --git a/mingw-libxml2-2.9.10-fix-relaxed-approach-to-nested-documents.patch b/mingw-libxml2-2.9.10-fix-relaxed-approach-to-nested-documents.patch
deleted file mode 100644
index 0a63636..0000000
--- a/mingw-libxml2-2.9.10-fix-relaxed-approach-to-nested-documents.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0815302dee2b78139832c2080348086a0564836b Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 6 Dec 2019 12:27:29 +0100
-Subject: [PATCH] Fix freeing of nested documents
-
-Apparently, some libxslt RVTs can contain nested document nodes, see
-issue #132. I'm not sure how this happens exactly but it can cause a
-segfault in xmlFreeNodeList after the changes in commit 0762c9b6.
-
-Make sure not to touch the (nonexistent) `content` member of xmlDocs.
----
- tree.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/tree.c b/tree.c
-index 070670f1..0d7fc98c 100644
---- a/tree.c
-+++ b/tree.c
-@@ -3708,6 +3708,11 @@ xmlFreeNodeList(xmlNodePtr cur) {
- 		(cur->type != XML_XINCLUDE_START) &&
- 		(cur->type != XML_XINCLUDE_END) &&
- 		(cur->type != XML_ENTITY_REF_NODE) &&
-+		(cur->type != XML_DOCUMENT_NODE) &&
-+#ifdef LIBXML_DOCB_ENABLED
-+		(cur->type != XML_DOCB_DOCUMENT_NODE) &&
-+#endif
-+		(cur->type != XML_HTML_DOCUMENT_NODE) &&
- 		(cur->content != (xmlChar *) &(cur->properties))) {
- 		DICT_FREE(cur->content)
- 	    }
--- 
-2.22.0
-
diff --git a/mingw-libxml2.spec b/mingw-libxml2.spec
index 4cac1d3..e8506c9 100644
--- a/mingw-libxml2.spec
+++ b/mingw-libxml2.spec
@@ -1,30 +1,27 @@
 %{?mingw_package_header}
 
 Name:           mingw-libxml2
-Version:        2.9.10
-Release:        11%{?dist}
+Version:        2.9.12
+Release:        1%{?dist}
 Summary:        MinGW Windows libxml2 XML processing library
 
 License:        MIT
 URL:            http://xmlsoft.org/
-Source0:        ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
-Patch0:         libxml2-multilib.patch
+Source0:        https://gitlab.gnome.org/GNOME/libxml2/-/archive/v%{version}/libxml2-v%{version}.tar.bz2
+
 # Patch from openSUSE.
 # See:  https://bugzilla.gnome.org/show_bug.cgi?id=789714
 Patch1:         libxml2-2.9.8-python3-unicode-errors.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1780573
-Patch2:         mingw-libxml2-2.9.10-fix-relaxed-approach-to-nested-documents.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1799738
-Patch3:         mingw-libxml2-2.9.10-CVE-2019-20388.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1799788
-Patch4:         mingw-libxml2-2.9.10-CVE-2020-7595.patch
-Patch6:         libxml2-2.9.10-fix-integer-overflow.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1877788
-Patch7:         libxml2-2.9.10-CVE-2020-24977.patch
+# https://gitlab.gnome.org/GNOME/libxml2/-/issues/255
+Patch2:         libxml2-2.9.12-fix-lxml-corrupted-tree.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1965662
+Patch3:         libxml2-2.9.12-fix-formatting-regression.patch
 
 BuildArch:      noarch
 
-BuildRequires: make
+BuildRequires:  automake autoconf libtool
+BuildRequires:  make
+
 BuildRequires:  mingw32-filesystem >= 95
 BuildRequires:  mingw32-gcc
 BuildRequires:  mingw32-binutils
@@ -79,10 +76,12 @@ Static version of the MinGW Windows XML processing library.
 
 
 %prep
-%autosetup -p1 -n libxml2-%{version}
+%autosetup -p1 -n libxml2-v%{version}
 
 
 %build
+NOCONFIGURE=1 ./autogen.sh
+
 # LibXML2 can't build static and shared libraries in one go, so we
 # build LibXML2 twice here
 MINGW32_CPPFLAGS="-DLIBXML_STATIC_FOR_DLL"
@@ -119,7 +118,8 @@ find $RPM_BUILD_ROOT -name "*.la" -delete
 
 # Win32
 %files -n mingw32-libxml2
-%doc AUTHORS ChangeLog COPYING Copyright NEWS README README.tests TODO TODO_SCHEMAS
+%doc AUTHORS ChangeLog NEWS README README.tests TODO TODO_SCHEMAS
+%license Copyright
 %{mingw32_bindir}/libxml2-2.dll
 %{mingw32_bindir}/xml2-config
 %{mingw32_bindir}/xmlcatalog.exe
@@ -136,7 +136,8 @@ find $RPM_BUILD_ROOT -name "*.la" -delete
 
 # Win64
 %files -n mingw64-libxml2
-%doc AUTHORS ChangeLog COPYING Copyright NEWS README README.tests TODO TODO_SCHEMAS
+%doc AUTHORS ChangeLog NEWS README README.tests TODO TODO_SCHEMAS
+%license Copyright
 %{mingw64_bindir}/libxml2-2.dll
 %{mingw64_bindir}/xml2-config
 %{mingw64_bindir}/xmlcatalog.exe
@@ -153,6 +154,9 @@ find $RPM_BUILD_ROOT -name "*.la" -delete
 
 
 %changelog
+* Fri Feb 18 2022 Sandro Mani <manisandro@gmail.com> - 2.9.12-1
+- Update to 2.9.12
+
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.10-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 
diff --git a/sources b/sources
index 9aa6848..c79d231 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libxml2-2.9.10.tar.gz) = 0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed
+SHA512 (libxml2-v2.9.12.tar.bz2) = 7d3c6f7dcfd528102f70fd81cb109351427865fb990163cd64e90a51902077902c2329ea46ebbe8d1fe973e3e78c5f322e0611d98b84d97a0cc46bef16848008