diff options
author | Jiaqing Zhao <jiaqing.zhao@linux.intel.com> | 2022-05-05 16:15:06 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-20 10:08:06 +0100 |
commit | 708d0151242ebb1fe2783210c68095c617ea6088 (patch) | |
tree | d7959f68624dfc15e6eccab35ed41c84318c9bd0 /meta | |
parent | 21da7a4def8f59e52b17937531a19c3fd6cda001 (diff) | |
download | poky-708d0151242ebb1fe2783210c68095c617ea6088.tar.gz |
libxml2: Upgrade 2.9.13 -> 2.9.14
Security
[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
Fix leak of xmlElementContent (David Kilzer)
Bug fixes
Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex
Improvements
Fix recovery from invalid HTML start tags
Build system, portability
Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build
(From OE-Core rev: 393b81058f3b970eb906a7f9daa842d8a0747700)
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c4ba21f4012e8859fc793bec7df76e56eb8058ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch | 99 | ||||
-rw-r--r-- | meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch | 21 | ||||
-rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.14.bb (renamed from meta/recipes-core/libxml/libxml2_2.9.13.bb) | 5 |
3 files changed, 14 insertions, 111 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch deleted file mode 100644 index e188914613..0000000000 --- a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch +++ /dev/null | |||
@@ -1,99 +0,0 @@ | |||
1 | From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
3 | Date: Tue, 22 Feb 2022 11:51:08 +0100 | ||
4 | Subject: [PATCH] Fix --without-valid build | ||
5 | |||
6 | Regressed in commit 652dd12a. | ||
7 | --- | ||
8 | valid.c | 58 ++++++++++++++++++++++++++++----------------------------- | ||
9 | 1 file changed, 29 insertions(+), 29 deletions(-) | ||
10 | --- | ||
11 | |||
12 | From https://github.com/GNOME/libxml2.git | ||
13 | commit 646fe48d1c8a74310c409ddf81fe7df6700052af | ||
14 | |||
15 | CVE: CVE-2022-23308 | ||
16 | Upstream-Status: Backport | ||
17 | |||
18 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
19 | |||
20 | |||
21 | diff --git a/valid.c b/valid.c | ||
22 | index 8e596f1d..9684683a 100644 | ||
23 | --- a/valid.c | ||
24 | +++ b/valid.c | ||
25 | @@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt) | ||
26 | return (ret); | ||
27 | } | ||
28 | |||
29 | -/** | ||
30 | - * xmlValidNormalizeString: | ||
31 | - * @str: a string | ||
32 | - * | ||
33 | - * Normalize a string in-place. | ||
34 | - */ | ||
35 | -static void | ||
36 | -xmlValidNormalizeString(xmlChar *str) { | ||
37 | - xmlChar *dst; | ||
38 | - const xmlChar *src; | ||
39 | - | ||
40 | - if (str == NULL) | ||
41 | - return; | ||
42 | - src = str; | ||
43 | - dst = str; | ||
44 | - | ||
45 | - while (*src == 0x20) src++; | ||
46 | - while (*src != 0) { | ||
47 | - if (*src == 0x20) { | ||
48 | - while (*src == 0x20) src++; | ||
49 | - if (*src != 0) | ||
50 | - *dst++ = 0x20; | ||
51 | - } else { | ||
52 | - *dst++ = *src++; | ||
53 | - } | ||
54 | - } | ||
55 | - *dst = 0; | ||
56 | -} | ||
57 | - | ||
58 | #ifdef DEBUG_VALID_ALGO | ||
59 | static void | ||
60 | xmlValidPrintNode(xmlNodePtr cur) { | ||
61 | @@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { | ||
62 | (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ | ||
63 | xmlFree((char *)(str)); | ||
64 | |||
65 | +/** | ||
66 | + * xmlValidNormalizeString: | ||
67 | + * @str: a string | ||
68 | + * | ||
69 | + * Normalize a string in-place. | ||
70 | + */ | ||
71 | +static void | ||
72 | +xmlValidNormalizeString(xmlChar *str) { | ||
73 | + xmlChar *dst; | ||
74 | + const xmlChar *src; | ||
75 | + | ||
76 | + if (str == NULL) | ||
77 | + return; | ||
78 | + src = str; | ||
79 | + dst = str; | ||
80 | + | ||
81 | + while (*src == 0x20) src++; | ||
82 | + while (*src != 0) { | ||
83 | + if (*src == 0x20) { | ||
84 | + while (*src == 0x20) src++; | ||
85 | + if (*src != 0) | ||
86 | + *dst++ = 0x20; | ||
87 | + } else { | ||
88 | + *dst++ = *src++; | ||
89 | + } | ||
90 | + } | ||
91 | + *dst = 0; | ||
92 | +} | ||
93 | + | ||
94 | static int | ||
95 | xmlIsStreaming(xmlValidCtxtPtr ctxt) { | ||
96 | xmlParserCtxtPtr pctxt; | ||
97 | -- | ||
98 | 2.35.1 | ||
99 | |||
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch index d211f65da3..cc9da88a29 100644 --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From f57da62218cf72c1342da82abafdac6b0a2e4997 Mon Sep 17 00:00:00 2001 | 1 | From 7196bce35954c4b46391cb0139aeb15ed628fa54 Mon Sep 17 00:00:00 2001 |
2 | From: Tony Tascioglu <tony.tascioglu@windriver.com> | 2 | From: Tony Tascioglu <tony.tascioglu@windriver.com> |
3 | Date: Fri, 14 May 2021 11:50:35 -0400 | 3 | Date: Fri, 14 May 2021 11:50:35 -0400 |
4 | Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through | 4 | Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through |
@@ -16,16 +16,18 @@ Rebase to 2.9.9 | |||
16 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | 16 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> |
17 | 17 | ||
18 | Updated to apply cleanly to v2.9.12 | 18 | Updated to apply cleanly to v2.9.12 |
19 | |||
20 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> | 19 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> |
20 | |||
21 | Rebase to 2.9.14 | ||
22 | Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com> | ||
21 | --- | 23 | --- |
22 | libxml.m4 | 190 ++---------------------------------------------------- | 24 | libxml.m4 | 189 ++---------------------------------------------------- |
23 | 1 file changed, 5 insertions(+), 185 deletions(-) | 25 | 1 file changed, 5 insertions(+), 184 deletions(-) |
24 | 26 | ||
25 | Index: libxml2-2.9.13/libxml.m4 | 27 | diff --git a/libxml.m4 b/libxml.m4 |
26 | =================================================================== | 28 | index fc7790c..1c53585 100644 |
27 | --- libxml2-2.9.13.orig/libxml.m4 | 29 | --- a/libxml.m4 |
28 | +++ libxml2-2.9.13/libxml.m4 | 30 | +++ b/libxml.m4 |
29 | @@ -1,191 +1,12 @@ | 31 | @@ -1,191 +1,12 @@ |
30 | -# Configure paths for LIBXML2 | 32 | -# Configure paths for LIBXML2 |
31 | -# Simon Josefsson 2020-02-12 | 33 | -# Simon Josefsson 2020-02-12 |
@@ -223,3 +225,6 @@ Index: libxml2-2.9.13/libxml.m4 | |||
223 | - AC_SUBST(XML_LIBS) | 225 | - AC_SUBST(XML_LIBS) |
224 | - rm -f conf.xmltest | 226 | - rm -f conf.xmltest |
225 | ]) | 227 | ]) |
228 | -- | ||
229 | 2.34.1 | ||
230 | |||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.13.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index e361b53bfd..3081ebf92f 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.13.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb | |||
@@ -23,11 +23,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te | |||
23 | file://remove-fuzz-from-ptests.patch \ | 23 | file://remove-fuzz-from-ptests.patch \ |
24 | file://libxml-m4-use-pkgconfig.patch \ | 24 | file://libxml-m4-use-pkgconfig.patch \ |
25 | " | 25 | " |
26 | # will be in v2.9.14 | ||
27 | # | ||
28 | SRC_URI += "file://CVE-2022-23308-fix-regression.patch" | ||
29 | 26 | ||
30 | SRC_URI[archive.sha256sum] = "276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e" | 27 | SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" |
31 | SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" | 28 | SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" |
32 | 29 | ||
33 | BINCONFIG = "${bindir}/xml2-config" | 30 | BINCONFIG = "${bindir}/xml2-config" |