summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml
Commit message (Collapse)AuthorAgeFilesLines
* libxml2: Fix CVE-2019-20388Lee Chee Yang2020-03-072-0/+38
| | | | | | | | | | | | | | | see: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 (From OE-Core rev: 12a5eb0ea6f530ad7be2e58d4091b4edadbf461b) (From OE-Core rev: 49131908e3510dc69e0f278889803a461c2d96c0) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2020-7595Anuj Mittal2020-03-072-0/+37
| | | | | | | | | | | | (From OE-Core rev: f2f7aa9a495774fe5a2e3947584cb3503bd1eaf1) (From OE-Core rev: 72a747f77f9fd051e054e679deacf537b4b7116f) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2019-19956Lee Chee Yang2020-02-042-0/+41
| | | | | | | | | | | see: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 (From OE-Core rev: 9fd363d21df59fff4488763d62548c936b4d14fb) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade 2.9.8 -> 2.9.9Hongxu Jia2019-05-129-281/+172
| | | | | | | | | | | - Drop backported fix-CVE-2017-8872.patch, fix-CVE-2018-14404.patch and 0001-Fix-infinite-loop-in-LZMA-decompression.patch (From OE-Core rev: dc51f92b2a6f2439fa93b9b0c1d8c4c13e884813) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* default-distrovars: Drop DISTRO_FEATURES_LIBCKhem Raj2019-02-281-2/+0
| | | | | | | | | | | After eglibc was merged into glibc, Kconfig support was also dropped so these libc features therefore are not effective anymore and can be removed (From OE-Core rev: c62b1cc06613a4cdddf53290e6203559f43fc62d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* packages: respect PACKAGE_NO_GCONVKai Kang2018-12-051-1/+3
| | | | | | | | | | | | | PACKAGE_NO_GCONV is set in libc-package.bbclass if not all of 'libc-charsets libc-locale-code libc-locales' included in DISTRO_FEATURES. And then no packages glibc-gconv-* glibc-charmap-* and glibc-localedata-* is created. Update recipes and conf file which depend on these packages to check required distro features. (From OE-Core rev: 58446992de0f16a345f1f55b66d0d34d31dc341b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Make it compatible with externalsrcPeter Kjellerstedt2018-10-101-3/+3
| | | | | | | | | | | | | Fetch the test tar ball to a subdirectory in ${S}. This avoids the following error after having done `devtool modify libxml2`: | DEBUG: Executing shell function do_configure | find: ‘.../build/tmp/work/mips32r2el-nf-poky-linux/libxml2/2.9.4-r0/xmlconf/’: No such file or directory (From OE-Core rev: d0d55add6cb01252a46d829ade75666920b676fa) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: move xmlcatalog and xmllint back into libxml2-utilsAndre McCurdy2018-10-101-3/+4
| | | | | | | | | | | Packaging of libxml2-utils has been broken since 2011: http://git.openembedded.org/openembedded-core/commit/?id=76052861cc95fd4ad4c4b9eb6ce4cd1065ad4dc9 (From OE-Core rev: 6f49e72dbb36d0a42993e7c788c17ff03571ece7) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: refresh CVE-2017-8872Ross Burton2018-10-041-23/+50
| | | | | | | | | | | The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. (From OE-Core rev: 512869aea6dde1bb2374601f7c4d793ac9edaa42) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2018-9251 and CVE-2018-14567Hongxu Jia2018-08-202-0/+56
| | | | | | | (From OE-Core rev: b91b276696fb5e0b633b73be408bd750ac4e28ce) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2018-14404Andrej Valek2018-08-142-0/+46
| | | | | | | | | | | | | | | Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. CVE: CVE-2018-14404 (From OE-Core rev: 69315177732a1d260a3315fe8c4c4c44653ae0c8) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix libxml2 ptest failsChangqing Li2018-08-021-1/+6
| | | | | | | | | | | | | for core-image-minimal image, missing these two dependency will cause below warning and error: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) ./test/icu_parse_test.xml generated an error (From OE-Core rev: 848031cf0b89b752c6fedcb63fc6938642a87fd8) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2017-8872Hongxu Jia2018-07-052-0/+39
| | | | | | | | | | | | | | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 (From OE-Core rev: dac867dc63af70ae992c50697d2be95c3e7b58bb) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: 2.9.7 -> 2.9.8Andrej Valek2018-05-043-103/+78
| | | | | | | | (From OE-Core rev: de24ead63802523daa19ce8528ac95d9e041eaf8) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml: refresh patchesRoss Burton2018-03-071-23/+20
| | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: d71d6854fadc96fc3c75617af3beba02952fdef6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: fix RDEPENDS on several recipes, due to non-existent packagesAlejandro Hernandez2018-01-201-1/+1
| | | | | | | | | | | The packaging has been altered slightly so ensure the dependencies are all still valid. (From OE-Core rev: 3328211afdef8ffb00dd4dff1143959d5412b075) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix makefile for ptestsAnuj Mittal2018-01-142-0/+22
| | | | | | | | | | | | | | | | | Changes to Makefile in latest version mean when "make -k runtests" is executed, it leads to errors like: | make: *** No rule to make target 'runtest.c', needed by 'runtest.o'. | make: *** No rule to make target 'SAX.c', needed by 'SAX.lo'. | make: *** No rule to make target 'entities.c', needed by 'entities.lo'. | make: *** No rule to make target 'encoding.c', needed by 'encoding.lo'. Make sure that we don't try to check and compile the tests again on the target. (From OE-Core rev: 5cf92ca436e1a1ba60fec8b30b6cb3cfd4842bc8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: 2.9.5 -> 2.9.7Andrej Valek2017-11-081-2/+2
| | | | | | | | (From OE-Core rev: 090eeccce74554bd4282b6a0407963037bc761a9) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: 2.9.4 -> 2.9.5Andrej Valek2017-11-0513-1723/+15
| | | | | | | | (From OE-Core rev: a0d2427bb86668215d7c9e1be07cb9a2d86f6755) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: use HTTP instead of FTP in SRC_URIRoss Burton2017-10-161-1/+1
| | | | | | | | | HTTP is more reliable in general so use it instead of FTP. (From OE-Core rev: bdc71968923941b0720d34a5ce06d82ab2a63b4f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2-ptest: set LC_ALL=en_US.UTF-8Juro Bystricky2017-10-071-0/+1
| | | | | | | | | | | | | We need to specify UTF-8 in the environment to avoid an error such as: UnicodeEncodeError: 'ascii' codec can't encode character '\xe4' (From OE-Core rev: d7f1fe6c8419b8c59e601c56245373d094cae298) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2-ptest: support for encoding ISO-8859-5Juro Bystricky2017-10-071-2/+2
| | | | | | | | | | | | | | | | This fixes the error: ./test/errors/759398.xml:1: parser error : Unsupported encoding ISO-8859-5 <?xml version='1.0' encoding='ISO-8859-5' standalone='no'?> ^ ./test/errors/759398.xml : failed to parse FAIL: Error cases stream regression tests (From OE-Core rev: 01257f43e024b49196cb756501b098193d1f6085) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2-ptest: improve reproducibilityJuro Bystricky2017-10-071-0/+11
| | | | | | | | | | | | Remove various build host references from libxml-ptest package. [YOCTO #11997] (From OE-Core rev: c2b53ec8d15b97da73353623c0cfe287f74992bf) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-8872Hongxu Jia2017-08-272-0/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) https://bugzilla.gnome.org/show_bug.cgi?id=775200 Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address" ... export CC="clang" export CFLAGS="-fsanitize=address" ./configure --disable-shared make clean all -j wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc ./xmllint --html --push poc ==2785==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08 READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8) ... (From OE-Core rev: a615b0825927a09a0aa8312d131c9acbaef8956d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix malformed Upstream-Status tagsRoss Burton2017-06-273-5/+4
| | | | | | | | | | Fix a variety of spelling and format mistakes to improve the ease of reading the tags programatically. (From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading ↵Andrej Valek2017-06-232-208/+0
| | | | | | | | | | | even local" The new flag doesn't work and the change even broke the XML_PARSE_NONET option. (From OE-Core rev: 8b586f60778579ee2c9adae429128a07e8437553) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-0663Andrej Valek2017-06-232-0/+41
| | | | | | | | | | | | | | | Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 (From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-5969Andrej Valek2017-06-232-0/+63
| | | | | | | | | | | | | | Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 (From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-9049 and CVE-2017-9050Andrej Valek2017-06-232-0/+292
| | | | | | | | | | | | | | | | Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Fixes bug 781205 and bug 781361 CVE: CVE-2017-9049 CVE-2017-9050 (From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-9047 and CVE-2017-9048Andrej Valek2017-06-232-0/+104
| | | | | | | | | | | | | xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 (From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2Andrej Valek2017-06-232-0/+591
| | | | | | | (From OE-Core rev: 4651afdd457eca06da07331186bf28b98df2eeff) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Disable LeakSanitizer when running API testsAndrej Valek2017-06-231-5/+20
| | | | | | | | | | | | Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] (From OE-Core rev: e3985be0ddb40e8db44422092c875a4e373a6da3) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Make ptest run the Python tests if Python support is enabledPeter Kjellerstedt2017-06-122-2/+108
| | | | | | | | | | | | | | | | | Since we go through the trouble of copying the Python tests, we may as well actually run them... This also avoids the following QA issue: ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue: /usr/lib/libxml2/ptest/python/tests/push.py contained in package libxml2-ptest requires /usr/bin/python, but no providers found in RDEPENDS_libxml2-ptest? [file-rdeps] (From OE-Core rev: 65bc9fac6dc6ba5252bf105659724c768d65f9d9) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: move python module to Python 3Alexander Kanavin2017-05-111-4/+4
| | | | | | | | (From OE-Core rev: e73ac0196f031d254969f6c693a0e31071270cab) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: CVE-2016-9318Catalin Enache2017-04-292-0/+208
| | | | | | | | | | | | | | | | | | | | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: make dependencies on python conditionalDmitry Rozhkov2017-04-051-9/+11
| | | | | | | | | | | | | | | | | | | The library libxml2 can provide its own bindings for python2 in addition to the third party python-lxml and python3-lxml packages if this functionality is enabled in PACKAGECONFIG. But in case the functionality is disabled there's no need to depend on python2. Make the dependency on python2 enabled only if the python feature is added to PACKAGECONFIG. Also add missing run-time dependency on make to libxml2-ptest. (From OE-Core rev: 3f1be2c3875fc112d9c67af16759091e007e5b99) Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-1/+1
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Drop docs in native caseRichard Purdie2017-01-281-0/+5
| | | | | | | | | With rss, moving these around was having an increasing overhead and we don't need them in the native case so remove them. (From OE-Core rev: 3b8dcd210a494baecead7dd1e568fb60ac93ed9b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove True option to getVar callsJoshua Lock2016-12-161-1/+1
| | | | | | | | | | | | | getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) (From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix more NULL pointer derefsAndrej Valek2016-12-162-0/+47
| | | | | | | | | | | | | The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ↵Andrej Valek2016-12-162-0/+270
| | | | | | | | | | | | | | | ranges Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. (From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Necessary changes before fixing CVE-2016-5131Andrej Valek2016-12-162-0/+68
| | | | | | | | | | | | | | xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes (From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Security fix CVE-2016-5131Yi Zhao2016-11-302-0/+181
| | | | | | | | | | | | | | | | | | | CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131 Patch from: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e (From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Make tests non-executableJussi Kukkonen2016-10-151-0/+5
| | | | | | | | | | | | | | The XML W3C conformance test suite contains thousands of xml files all marked executable. We dutifully try to strip all these files of debug info in do_package. "chmod -x" improves build time by ~40 seconds. (From OE-Core rev: eb9cdf6b9277d23d1696233fccc4689e6030644c) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: control ipv6 support based on DISTRO_FEATURESJackie Huang2016-09-031-1/+4
| | | | | | | | | | Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. (From OE-Core rev: 1a505037e9a6dc86b523b378d6446baae71f1a2c) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pythonnative.bbclass, python3native.bbclass: export STAGING_INCDIR, ↵Alexander Kanavin2016-07-011-4/+0
| | | | | | | | | | | | | | | | | | | | | | | STAGING_LIBDIR, PYTHON variables We patch Python's distutils modules to access STAGING_INCDIR/LIBDIR, so when they are not set, scripts that utilize distutils (e.g. python-config) fail. Several recipes need to export those manually to prevent such failures, so let's do that in the class instead. PYTHON variable is exported because otherwise autotools' python.m4 macro will pick up its own internal default, which may not be the version that we want. glib recipe in particular was previously using Python 2.x during build due to python.m4 defaulting to it - now it's using Python 3.x, and so needs a small fix in deletion of *.pyc files. (From OE-Core rev: c1e0eb62f2d89b10b187016200018830b1c77945) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade to 2.9.4Hongxu Jia2016-06-152-48/+2
| | | | | | | | | | - Drop configure.ac-fix-cross-compiling-warning.patch, libxml2 2.9.4 has fixed it (From OE-Core rev: 323c7cec65603476994dde196f4c2c151d0e0d31) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-native, python3-native: remove the use of exported HOST_SYS and ↵Alexander Kanavin2016-06-011-2/+0
| | | | | | | | | | | | | | BUILD_SYS variables The code that utilized them was superseded by the code (in the same patch!) that is utilizing STAGING_LIBDIR/STAGING_INCDIR, and wasn't correct in the first place as HOST_SYS is not necessarily the same as the sysroot directory name. (From OE-Core rev: 8834e81a38c24a066bb4fefa93da61011d0db244) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix dependencies and QA IssuesMaxin B. John2016-05-061-1/+1
| | | | | | | | | | | | | | | | | | Fix the following QA warnings: WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2 rdepends on libiconv, but it isn't a build dependency, missing libiconv in DEPENDS or PACKAGECONFIG? [build-deps] WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2-python rdepends on libiconv, but it isn't a build dependency, missing libiconv in DEPENDS or PACKAGECONFIG? [build-deps] (From OE-Core rev: 3d97a40cffb780cda4d4acf6d87371427912228b) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix AM_PATH_XML2Robert Yang2016-04-091-1/+1
| | | | | | | | | | | | | | | | The code: suppose $1 == 2.7: verdep=ifelse([$1], [], [], [>= $1]) results in: verdep=>= 2.7 This is wrong in shell: bash: 2.7: command not found Use quotation marks to fix the problem. (From OE-Core rev: 190b57a5f130f8a48d417ad472c0131c49302ee1) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-12 09:51:13 +0000