diff options
author | Armin Kuster <akuster@mvista.com> | 2016-07-09 14:58:22 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-07-27 08:29:59 +0100 |
commit | 0e8aae7bc8de93324415f8dc32d3ca272f2530d4 (patch) | |
tree | bee4edbe9fcf83b1dc9c9c5ad90b7e04c7a8e470 /meta/recipes-core | |
parent | 3e93d609c0530597a251d6402aedc5074720cbf2 (diff) | |
download | poky-0e8aae7bc8de93324415f8dc32d3ca272f2530d4.tar.gz |
libxml2: Security fix for CVE-2016-1836
Affects libxml2 < 2.9.4
(From OE-Core rev: 9229873f278f7c24fb01673ec3d9fd404762bc25)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2016-1836.patch | 443 | ||||
-rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.2.bb | 1 |
2 files changed, 444 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-1836.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-1836.patch new file mode 100644 index 0000000000..8462717631 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2016-1836.patch | |||
@@ -0,0 +1,443 @@ | |||
1 | From 45752d2c334b50016666d8f0ec3691e2d680f0a0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Pranjal Jumde <pjumde@apple.com> | ||
3 | Date: Thu, 3 Mar 2016 11:50:34 -0800 | ||
4 | Subject: [PATCH] Bug 759398: Heap use-after-free in xmlDictComputeFastKey | ||
5 | <https://bugzilla.gnome.org/show_bug.cgi?id=759398> | ||
6 | |||
7 | * parser.c: | ||
8 | (xmlParseNCNameComplex): Store start position instead of a | ||
9 | pointer to the name since the underlying buffer may change, | ||
10 | resulting in a stale pointer being used. | ||
11 | * result/errors/759398.xml: Added. | ||
12 | * result/errors/759398.xml.err: Added. | ||
13 | * result/errors/759398.xml.str: Added. | ||
14 | * test/errors/759398.xml: Added test case. | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | CVE: CVE-2016-1836 | ||
18 | |||
19 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
20 | |||
21 | --- | ||
22 | parser.c | 9 +- | ||
23 | result/errors/759398.xml | 0 | ||
24 | result/errors/759398.xml.err | 9 ++ | ||
25 | result/errors/759398.xml.str | 5 + | ||
26 | test/errors/759398.xml | 326 +++++++++++++++++++++++++++++++++++++++++++ | ||
27 | 5 files changed, 344 insertions(+), 5 deletions(-) | ||
28 | create mode 100644 result/errors/759398.xml | ||
29 | create mode 100644 result/errors/759398.xml.err | ||
30 | create mode 100644 result/errors/759398.xml.str | ||
31 | create mode 100755 test/errors/759398.xml | ||
32 | |||
33 | Index: libxml2-2.9.2/parser.c | ||
34 | =================================================================== | ||
35 | --- libxml2-2.9.2.orig/parser.c | ||
36 | +++ libxml2-2.9.2/parser.c | ||
37 | @@ -2010,6 +2010,7 @@ static int spacePop(xmlParserCtxtPtr ctx | ||
38 | #define CUR (*ctxt->input->cur) | ||
39 | #define NXT(val) ctxt->input->cur[(val)] | ||
40 | #define CUR_PTR ctxt->input->cur | ||
41 | +#define BASE_PTR ctxt->input->base | ||
42 | |||
43 | #define CMP4( s, c1, c2, c3, c4 ) \ | ||
44 | ( ((unsigned char *) s)[ 0 ] == c1 && ((unsigned char *) s)[ 1 ] == c2 && \ | ||
45 | @@ -3484,7 +3485,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr c | ||
46 | int len = 0, l; | ||
47 | int c; | ||
48 | int count = 0; | ||
49 | - const xmlChar *end; /* needed because CUR_CHAR() can move cur on \r\n */ | ||
50 | + size_t startPosition = 0; | ||
51 | |||
52 | #ifdef DEBUG | ||
53 | nbParseNCNameComplex++; | ||
54 | @@ -3494,7 +3495,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr c | ||
55 | * Handler for more complex cases | ||
56 | */ | ||
57 | GROW; | ||
58 | - end = ctxt->input->cur; | ||
59 | + startPosition = CUR_PTR - BASE_PTR; | ||
60 | c = CUR_CHAR(l); | ||
61 | if ((c == ' ') || (c == '>') || (c == '/') || /* accelerators */ | ||
62 | (!xmlIsNameStartChar(ctxt, c) || (c == ':'))) { | ||
63 | @@ -3516,7 +3517,6 @@ xmlParseNCNameComplex(xmlParserCtxtPtr c | ||
64 | } | ||
65 | len += l; | ||
66 | NEXTL(l); | ||
67 | - end = ctxt->input->cur; | ||
68 | c = CUR_CHAR(l); | ||
69 | if (c == 0) { | ||
70 | count = 0; | ||
71 | @@ -3530,7 +3530,6 @@ xmlParseNCNameComplex(xmlParserCtxtPtr c | ||
72 | ctxt->input->cur += l; | ||
73 | if (ctxt->instate == XML_PARSER_EOF) | ||
74 | return(NULL); | ||
75 | - end = ctxt->input->cur; | ||
76 | c = CUR_CHAR(l); | ||
77 | } | ||
78 | } | ||
79 | @@ -3539,7 +3538,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr c | ||
80 | xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); | ||
81 | return(NULL); | ||
82 | } | ||
83 | - return(xmlDictLookup(ctxt->dict, end - len, len)); | ||
84 | + return(xmlDictLookup(ctxt->dict, (BASE_PTR + startPosition), len)); | ||
85 | } | ||
86 | |||
87 | /** | ||
88 | Index: libxml2-2.9.2/result/errors/759398.xml.err | ||
89 | =================================================================== | ||
90 | --- /dev/null | ||
91 | +++ libxml2-2.9.2/result/errors/759398.xml.err | ||
92 | @@ -0,0 +1,9 @@ | ||
93 | +./test/errors/759398.xml:210: parser error : StartTag: invalid element name | ||
94 | +need to worry about parsers whi<! don't expand PErefs finding | ||
95 | + ^ | ||
96 | +./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef | ||
97 | +and provide access to their content and structure.</termdef> <termdef | ||
98 | + ^ | ||
99 | +./test/errors/759398.xml:309: parser error : Extra content at the end of the document | ||
100 | +and provide access to their content and structure.</termdef> <termdef | ||
101 | + ^ | ||
102 | Index: libxml2-2.9.2/result/errors/759398.xml.str | ||
103 | =================================================================== | ||
104 | --- /dev/null | ||
105 | +++ libxml2-2.9.2/result/errors/759398.xml.str | ||
106 | @@ -0,0 +1,5 @@ | ||
107 | +./test/errors/759398.xml:210: parser error : internal error: detected an error in element content | ||
108 | + | ||
109 | +need to worry about parsers whi<! don't expand | ||
110 | + ^ | ||
111 | +./test/errors/759398.xml : failed to parse | ||
112 | Index: libxml2-2.9.2/test/errors/759398.xml | ||
113 | =================================================================== | ||
114 | --- /dev/null | ||
115 | +++ libxml2-2.9.2/test/errors/759398.xml | ||
116 | @@ -0,0 +1,326 @@ | ||
117 | +<?xml version='1.0' encoding='ISO-8859-5' standalone='no'?> | ||
118 | +<!DOCTYPE spec SYSTEM "dtds/spec.dtd" [ | ||
119 | + | ||
120 | +<!-- LAST TOUCHED BY: Tim Bray, 8 February 1997 --> | ||
121 | + | ||
122 | +<!-- The words 'FINAL EDIT' in comments mark places where changes | ||
123 | +need to be made after approval of the document by the ERB, before | ||
124 | +publication. --> | ||
125 | + | ||
126 | +<!ENTITY XML.version "1.0"> | ||
127 | +<!ENTITY doc.date "10 February 1998"> | ||
128 | +<!ENTITY iso6.doc.date "19980210"> | ||
129 | +<!ENTITY w3c.doc.date "02-Feb-1998"> | ||
130 | +<!ENTITY draft.day '10'> | ||
131 | +<!ENTITY draft.month 'February'> | ||
132 | +<!ENTITY draft.year '1998'> | ||
133 | + | ||
134 | +<!ENTITY WebSGML | ||
135 | + 'WebSGML Adaptations Annex to ISO 8879'> | ||
136 | + | ||
137 | +<!ENTITY lt "<"> | ||
138 | +<!ENTITY gt ">"> | ||
139 | +<!ENTITY xmlpio "'<?xml'"> | ||
140 | +<!ENTITY pic "'?>'"> | ||
141 | +<!ENTITY br "\n"> | ||
142 | +<!ENTITY cellback '#c0d9c0'> | ||
143 | +<!ENTITY mdash "--"> <!-- —, but nsgmls doesn't grok hex --> | ||
144 | +<!ENTITY com "--"> | ||
145 | +<!ENTITY como "--"> | ||
146 | +<!ENTITY comc "--"> | ||
147 | +<!ENTITY hcro "&#x"> | ||
148 | +<!-- <!ENTITY nbsp ""> --> | ||
149 | +<!ENTITY nbsp " "> | ||
150 | +<!ENTITY magicents "<code>amp</code>, | ||
151 | +<code>lt</code>, | ||
152 | +<code>gt</code>, | ||
153 | +<code>apos</code>, | ||
154 | +<code>quot</code>"> | ||
155 | + | ||
156 | +<!-- audience and distribution status: for use at publication time --> | ||
157 | +<!ENTITY doc.audience "public review and discussion"> | ||
158 | +<!ENTITY doc.distribution "may be dislributed freely, as long as | ||
159 | +all text and legal notices remain intact"> | ||
160 | + | ||
161 | +]> | ||
162 | + | ||
163 | +<!-- for Panorama *--> | ||
164 | +<?VERBATIM "eg" ?> | ||
165 | + | ||
166 | +<spec> | ||
167 | +<header> | ||
168 | +<title>Extensible Markup Language (XML) 1.0</title> | ||
169 | +<version></version> | ||
170 | +<w3c-designation>REC-xml-&iso6.doc.date;</w3c-designation> | ||
171 | +<w3c-doctype>W3C Recommendation</w3c-doctype> | ||
172 | +<pubdate><day>&draft.day;</day><month>&draft.month;</month><year>&draft.year;</year></pubdate> | ||
173 | + | ||
174 | +<publoc> | ||
175 | +<loc href="http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;"> | ||
176 | +http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;</loc> | ||
177 | +<loc href="http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.xml"> | ||
178 | +http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.xml</loc> | ||
179 | +<loc href="http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.html"> | ||
180 | +http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.html</loc> | ||
181 | +<loc href="http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.pdf"> | ||
182 | +http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.pdf</loc> | ||
183 | +<loc href="http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.ps"> | ||
184 | +http://www.w3.org/TR/1998/REC-xml-&iso6.doc.date;.ps</loc> | ||
185 | +</publoc> | ||
186 | +<latestloc> | ||
187 | +<loc href="http://www.w3.org/TR/REC-xml"> | ||
188 | +httwww.w3.org/TR/REC-xml</loc> | ||
189 | +</latestloc> | ||
190 | +<prevlocs> | ||
191 | +<loc href="http://www.w3.org/TR/PR-xml-971208"> | ||
192 | +http://www.w3.org/TR/PR-xml-971208</loc> | ||
193 | +<!-- | ||
194 | +<loc href='http://www.w3.org/TR/WD-xml-961114'> | ||
195 | +http://www.w3.org/TR/WD-xml-961114</loc> | ||
196 | +<loc href='http://www.w3.org/TR/WD-xml-lang-970331'> | ||
197 | +http://www.w3.org/TR/WD-xml-lang-970331</loc> | ||
198 | +<loc href='http://www.w3.org/TR/WD-xml-lang-970630'> | ||
199 | +http://www.w3.org/TR/WD-xml-lang-970630</loc> | ||
200 | +<loc href='http://www.w3.org/TR/WD-xml-970807'> | ||
201 | +http://www.w3.org/TR/WD-xml-970807</loc> | ||
202 | +<loc href='http://www.w3.org/TR/WD-xml-971117'> | ||
203 | +http://www.w3.org/TR/WD-xml-971117</loc>--> | ||
204 | +</prevlocs> | ||
205 | +<authlist> | ||
206 | +<author><name>Tim Bray</name> | ||
207 | +<affiliation>Textuality and Netscape</affiliation> | ||
208 | |||
209 | +href="mailto:tbray@textuality.com">tbray@textuality.com</email></author> | ||
210 | +<author><name>Jean Paoli</name> | ||
211 | +<affiliation>Microsoft</affiliation> | ||
212 | +<email href="mailto:jeanpa@microsoft.com">jeanpa@microsoft.com</email></author> | ||
213 | +<author><name>C. M. Sperberg-McQueen</name> | ||
214 | +<affiliation>University of Illinois at Chicago</affiliation> | ||
215 | +<email href="mailto:cmsmcq@uic.edu">cmsmcq@uic.edu</email></author> | ||
216 | +</authlist> | ||
217 | +<abstract> | ||
218 | +<p>The Extensible Markup Language (XML) is a subset of | ||
219 | +SGML that is completely described in this document. Its goal is to | ||
220 | +enable generic SGML to be served, received, and processed on the Web | ||
221 | +in the way that is now possible with HTML. XML has been designed for | ||
222 | +ease of implementation and for interoperability with both SGML and | ||
223 | +HTML.</p> | ||
224 | +</abstract> | ||
225 | +<status> | ||
226 | +<p>This document has been reviewed by W3C Members and | ||
227 | +other interested parties and has been endorsed by the | ||
228 | +Director as a W3C Recommendation. It is a stable | ||
229 | +document and may be used as reference material or cited | ||
230 | +as a normative reference from another document. W3C's | ||
231 | +role in making the Recommendation is to draw attention | ||
232 | +to the spPcification and to promote its widespread | ||
233 | +deployment. This enhances the functionality and | ||
234 | +interoperability of the Web.</p> | ||
235 | +<p> | ||
236 | +This document specifies a syntax created by subsetting an existing, | ||
237 | +widely used international text processing standard (Standard | ||
238 | +Generalized Markup Language, ISO 8879:1986(E) as amended and | ||
239 | +corrected) for use on the World Wide Web. It is a product of the W3C | ||
240 | +XML Activity, details of which can be found at <loc | ||
241 | +href='http://www.w3.org/XML'>http://www.w3.org/XML</loc>. A list of | ||
242 | +current W3C Recommendations and other technical documents can be found | ||
243 | +at <loc href='http://www.w3.org/TR'>http://www.w3.org/TR</loc>. | ||
244 | +</p> | ||
245 | +<p>This specification uses the term URI, which is defined by <bibref | ||
246 | +ref="Berners-Lee"/>, a work in progress expected to update <bibref | ||
247 | +ref="RFC1738"/> and <bibref ref="RFC1808"/>. | ||
248 | +</p> | ||
249 | +<p>The list of known errors in this specification is | ||
250 | +available at | ||
251 | +<loc href='http://www.w3.org/XML/xml-19980210-errata'>http://www.w3.org/XML/xml-19980210-errata</loc>.</p> | ||
252 | +<p>Please report errors in this document to | ||
253 | +<loc href='mailto:xml-editor@w3.org'>xml-editor@w3.org</loc>. | ||
254 | +</p> | ||
255 | +</status> | ||
256 | + | ||
257 | + | ||
258 | +<pubstmt> | ||
259 | +<p>Chicago, Vancouver, Mountain View, et al.: | ||
260 | +World-Wide Web Consortium, XML Working Group, 1996, 1997.</p> | ||
261 | +</pubstmt> | ||
262 | +<sourcedesc> | ||
263 | +<p>Created in electronic form.</p> | ||
264 | +</sourcedesc> | ||
265 | +<langusage> | ||
266 | +<language id='EN'>English</language> | ||
267 | +<language id='ebnf'>Extended Backus-Naur Form (formal grammar)</language> | ||
268 | +</langusage> | ||
269 | +<revisiondesc> | ||
270 | +<slist> | ||
271 | +<sitem>1997-12-03 : CMSMcQ : yet further changes</sitem> | ||
272 | +<sitem>1997-12-02 : TB : further changes (see TB to XML WG, | ||
273 | +2 December 1997)</sitem> | ||
274 | +<sitem>1997-12-02 : CMSMcQ : deal with as many corrections and | ||
275 | +comments from the proofreaders as possible: | ||
276 | +entify hard-coded document date in pubdate element, | ||
277 | +change expansion of entity WebSGML, | ||
278 | +update status description as per Dan Connolly (am not sure | ||
279 | +about refernece to Berners-Lee et al.), | ||
280 | +add 'The' to abstract as per WG decision, | ||
281 | +move Relationship to Existing Standards to back matter and | ||
282 | +combine with References, | ||
283 | +re-order back matter so normative appendices come first, | ||
284 | +re-tag back matter so informative appendices are tagged informdiv1, | ||
285 | +remove XXX XXX from list of 'normative' specs in prose, | ||
286 | +move some references from Other References to Normative References, | ||
287 | +add RFC 1738, 1808, and 2141 to Other References (they are not | ||
288 | +normative since we do not require the processor to enforce any | ||
289 | +rules based on them), | ||
290 | +add reference to 'Fielding draft' (Berners-Lee et al.), | ||
291 | +move notation section to end of body, | ||
292 | +drop URIchar non-terminal and use SkipLit instead, | ||
293 | +lose stray reference to defunct nonterminal 'markupdecls', | ||
294 | +move reference to Aho et al. into appendix (Tim's right), | ||
295 | +add prose note saying that hash marks and fragment identifiers are | ||
296 | +NOT part of the URI formally speaking, and are NOT legal in | ||
297 | +system identifiers (processor 'may' signal an error). | ||
298 | +Work through: | ||
299 | +Tim Bray reacting to James Clark, | ||
300 | +Tim Bray on his own, | ||
301 | +Eve Maler, | ||
302 | + | ||
303 | +NOT DONE YET: | ||
304 | +change binary / text to unparsed / parsed. | ||
305 | +handle James's suggestion about < in attriubte values | ||
306 | +uppercase hex characters, | ||
307 | +namechar list, | ||
308 | +</sitem> | ||
309 | +<sitem>1997-12-01 : JB : add some column-width parameters</sitem> | ||
310 | +<sitem>1997-12-01 : CMSMcQ : begin round of changes to incorporate | ||
311 | +recent WG decisions and other corrections: | ||
312 | +binding sources of character encoding info (27 Aug / 3 Sept), | ||
313 | +correct wording of Faust quotation (restore dropped line), | ||
314 | +drop SDD from EncodingDecl, | ||
315 | +change text at version number 1.0, | ||
316 | +drop misleading (wrong!) sentence about ignorables and extenders, | ||
317 | +modify definxamples with Byte Order Mark. | ||
318 | +Add content model as a term and clarify that it applies to both | ||
319 | +mixed and element content. | ||
320 | +</sitem> | ||
321 | +<sitem>1997-06-30 : CMSMcQ : change date, some cosmetic changes, | ||
322 | +changes to productions for choice, seq, Mixed, NotationType, | ||
323 | +Enumeration. Follow James Clark's suggestion and prohibit | ||
324 | +conditional sections in internal subset. TO DO: simplify | ||
325 | +production for ignored sections as a result, since we don't | ||
326 | +need to worry about parsers whi<! don't expand PErefs finding | ||
327 | +a conditional section.</sitem> | ||
328 | +<sitem>1997-06-29 : TB : various edits</sitem> | ||
329 | +<sitem>1997-06-29 : CMSMcQ : further changes: | ||
330 | +Suppress old FINAL EDIT comments and some dead material. | ||
331 | +Revise occurrences of % in grammar to exploit Henry Thompson's pun, | ||
332 | +especially markupdecl and attdef. | ||
333 | +Remove RMD requirement relating to element content (?). | ||
334 | +</sitem> | ||
335 | +<sitem>1997-06-28 : CMSMcQ : Various changes for 1 July draft: | ||
336 | +Add text for draconian error handling (introduce | ||
337 | +the term Fatal Error). | ||
338 | +RE deleta est (changing wording from | ||
339 | +original announcement to restrict the requirement to validating | ||
340 | +parsers). | ||
341 | +Tag definition of validawwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww it meant 'may or may not'.</sitem> | ||
342 | +<sitem>1997-03-21 : TB : massive changes on plane flight from Chicago | ||
343 | +to Vancouver</sitem> | ||
344 | +<sitem>1997-03-21 : CMSMcQ : correct as many reported errors as possible. | ||
345 | +</sitem> | ||
346 | +<sitem>1997-03-20 : CMSMcQ : correct typos listed in CMSMcQ hand copy of spec.</sitem> | ||
347 | +<sitem>1997 James Clark: | ||
348 | +Define the set of characters from which [^abc] subtracts. | ||
349 | +Charref should use just [0-9] not Digit. | ||
350 | +Location info needs cleaner treatment: remove? (ERB | ||
351 | +question). | ||
352 | +One example of a PI has wrong pic. | ||
353 | +Clarify discussion of encoding names. | ||
354 | +Encoding failure should lead to unspecified results; don't | ||
355 | +prescribe error recovery. | ||
356 | +Don't require exposure of entity boundaries. | ||
357 | +Ignore white space in element content. | ||
358 | +Reserve entity names of the form u-NNNN. | ||
359 | +Clarify relative URLs. | ||
360 | +And some of my own: | ||
361 | +Correct productions for content model: model cannot | ||
362 | +consist of a name, so "elements ::= cp" is no good. | ||
363 | +</sitem> | ||
364 | +<sitem>1996-11-11 : CMSMcQ : revise for style. | ||
365 | +Add new rhs to entity declaration, for parameter entities.</sitem> | ||
366 | +<sitem>1996-11-10 : CMSMcQ : revise for style. | ||
367 | +Fix / complete section on names, characters. | ||
368 | +Add sections on parameter entities, conditional sections. | ||
369 | +Still to do: Add compatibility note on deterministic content models. | ||
370 | +Finish stylistic revision.</sitem> | ||
371 | +<sitem>1996-10-31 : TB : Add Entity Handling section</sitem> | ||
372 | +<sitem>1996-10-30 : TB : Clean up term & termdef. Slip in | ||
373 | +ERB decision re EMPTY.</sitem> | ||
374 | +<sitem>1996-10-28 : TB : Change DTD. Implement some of Michael's | ||
375 | +suggestions. Change comments back to //. Introduce language for | ||
376 | +XML namespace reservation. Add section on white-space handling. | ||
377 | +Lots more cleanup.</sitem> | ||
378 | +<sitem>1996-10-24 : CMSMcQ : quick tweaks, implement some ERB | ||
379 | +decisions. Characters are not integers. Comments are /* */ not //. | ||
380 | +Add bibliographic refs to 10646, HyTime, Unicode. | ||
381 | +Rename old Cdata as MsData since it's <emph>only</emph> seen | ||
382 | +in marked sections. Call them attribute-value pairs not | ||
383 | +name-value pairs, except once. Internal subset is optional, needs | ||
384 | +'?'. Implied attributes should be signaled to the app, not | ||
385 | +have values supplied by processor.</sitem> | ||
386 | +<sitem>1996-10-16 : TB : track down & excise all DSD references; | ||
387 | +introduce some EBNF for entity declarations.</sitem> | ||
388 | +<sitem>1996-10-?? nsistency check, fix up scraps so | ||
389 | +they all parse, get formatter working, correct a few productions.</sitem> | ||
390 | +<sitem>1996-10-10/11 : CMSMcQ : various maintenance, stylistic, and | ||
391 | +organizational changes: | ||
392 | +Replace a few literals with xmlpio and | ||
393 | +pi""entities, to make them consistent and ensure we can change pic | ||
394 | +reliably when the ERB votes. | ||
395 | +Drop paragraph on recognizers from notation section. | ||
396 | +Add match, exact match to terminology. | ||
397 | +Move old 2.2 XML Processors and Apps into intro. | ||
398 | +Mention comments, PIs, and marked sections in discussion of | ||
399 | +delimiter escaping. | ||
400 | +Streamline discussion of doctype decl syntax. | ||
401 | +Drop old section of 'PI syntax' for doctype decl, and add | ||
402 | +section on partial-DTD summary PIs to end of Logical Structures | ||
403 | +section. | ||
404 | +Revise DSD syntax section to use Tim's subset-in-a-PI | ||
405 | +mechanism.</sitem> | ||
406 | +<sitem>1996-10-10 : TB : eliminate name recognizers (and more?)</sitem> | ||
407 | +<sitem>1996-10-09 : CMSMcQ : revise for style, consistency through 2.3 | ||
408 | +(Characters)</sitem> | ||
409 | +<sitem>1996-10-09 : CMSMcQ : re-unite everything for convenience, | ||
410 | +at least temporarily, and revise quickly</sitem> | ||
411 | +<sitem>1996-10-08 : TB : first major homogenization pass</sitem> | ||
412 | +<sitem>1996-10-08 : TB : turn "current" attribute on div type into | ||
413 | +CDATA</sitem> | ||
414 | +<sitem>1996-10-02 : TB : remould into skeleton + entities</sitem> | ||
415 | +<sitem>1996-09-30 : CMSMcQ : add a few more sections prior to exchange | ||
416 | + with Tim.</sitem> | ||
417 | +<sitem>1996-09-20 : CMSMcQ : finish transcribing notes.</sitem> | ||
418 | +<sitem>1996-09-19 : CMSMcQ : begin transcribing notes for draft.</sitem> | ||
419 | +<sitem>1996-09-13 : CMSMcQ : made outline from notes of 09-06, | ||
420 | +do some housekeeping</sitem> | ||
421 | +</slist> | ||
422 | +</revisiondesc> | ||
423 | +</header> | ||
424 | +<m> is used to read XML documents | ||
425 | +and provide access to their content and structure.</termdef> <termdef | ||
426 | +id="dt-app" term="Application">It is @ssumed that an XML processor is | ||
427 | +doing its work on behalf of another module, called the | ||
428 | +<term>application</term>.</termdef> This specification describes the | ||
429 | +required beh\vior of an XML processor in terms of how it must read XML | ||
430 | +data and the information it must provide to the application.</p> | ||
431 | + | ||
432 | +<div2 id='sec-origin-goals'> | ||
433 | +<head>Origin and Goals</head> | ||
434 | +<p>XML was developed by an XML Working Group (orisable over the | ||
435 | +Internet.</p></item> | ||
436 | +<item><p>XML shall support a wide variey of applications.</p></item> | ||
437 | +<item><p>XML shall be compatible with SGML.</p></item> | ||
438 | +<item><p>It shall be easy to write programs which process XML | ||
439 | +documents.</p></item> | ||
440 | +<item><p>The number of optional features in XML is to be kept to the | ||
441 | +absolute minimum, ideally zero.</p></item> | ||
442 | +<item><p>XML documents shou | ||
443 | \ No newline at end of file | ||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb b/meta/recipes-core/libxml/libxml2_2.9.2.bb index 328e2a3dbd..798337cb8b 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.2.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb | |||
@@ -11,6 +11,7 @@ SRC_URI += "file://CVE-2016-1762.patch \ | |||
11 | file://CVE-2016-1840.patch \ | 11 | file://CVE-2016-1840.patch \ |
12 | file://CVE-2016-1838.patch \ | 12 | file://CVE-2016-1838.patch \ |
13 | file://CVE-2016-1839.patch \ | 13 | file://CVE-2016-1839.patch \ |
14 | file://CVE-2016-1836.patch \ | ||
14 | " | 15 | " |
15 | 16 | ||
16 | SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788" | 17 | SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788" |