<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-core/libxml/libxml2, branch uninative-1.7</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=uninative-1.7</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=uninative-1.7'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2017-06-27T09:38:43+00:00</updated>
<entry>
<title>meta: Fix malformed Upstream-Status tags</title>
<updated>2017-06-27T09:38:43+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2017-06-23T15:44:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=81f9abc256272e0c9b0f993f7a57e2175c692684'/>
<id>urn:sha1:81f9abc256272e0c9b0f993f7a57e2175c692684</id>
<content type='text'>
Fix a variety of spelling and format mistakes to improve the ease of reading the
tags programatically.

(From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading even local"</title>
<updated>2017-06-23T10:44:13+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2017-06-14T13:12:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e7fca5d0d8811d5b664e6fda734221e159fcbde5'/>
<id>urn:sha1:e7fca5d0d8811d5b664e6fda734221e159fcbde5</id>
<content type='text'>
The new flag doesn't work and the change even broke the XML_PARSE_NONET option.

(From OE-Core rev: 8b586f60778579ee2c9adae429128a07e8437553)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Fix CVE-2017-0663</title>
<updated>2017-06-23T10:44:13+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2017-06-14T13:07:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=80aac29b3845cd5e415fe4a30eb7daad10764e90'/>
<id>urn:sha1:80aac29b3845cd5e415fe4a30eb7daad10764e90</id>
<content type='text'>
Fix type confusion in xmlValidateOneNamespace

Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.

Fixes bug 780228

CVE: CVE-2017-0663
(From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Fix CVE-2017-5969</title>
<updated>2017-06-23T10:44:13+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2017-06-14T13:01:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e1a7eb810f9648fa4aed4a4df2ea1d646fbb3c62'/>
<id>urn:sha1:e1a7eb810f9648fa4aed4a4df2ea1d646fbb3c62</id>
<content type='text'>
Fix NULL pointer deref in xmlDumpElementContent

Can only be triggered in recovery mode.

Fixes bug 758422

CVE: CVE-2017-5969
(From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Fix CVE-2017-9049 and CVE-2017-9050</title>
<updated>2017-06-23T10:44:13+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2017-06-14T12:58:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=371ba8c74332b6ab2d9062edadc93c688751e4ab'/>
<id>urn:sha1:371ba8c74332b6ab2d9062edadc93c688751e4ab</id>
<content type='text'>
Fix handling of parameter-entity references

There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Fixes bug 781205 and bug 781361

CVE: CVE-2017-9049 CVE-2017-9050
(From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Fix CVE-2017-9047 and CVE-2017-9048</title>
<updated>2017-06-23T10:44:13+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2017-06-14T12:55:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1a4f1ccdcc51b7d97ab66214675357b6c2c075f8'/>
<id>urn:sha1:1a4f1ccdcc51b7d97ab66214675357b6c2c075f8</id>
<content type='text'>
xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.

Fixes bug 781333 and bug 781701

CVE: CVE-2017-9047 CVE-2017-9048
(From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2</title>
<updated>2017-06-23T10:44:13+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2017-06-14T12:38:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6765fcec154b1c81250c124fcb46414dcac9be12'/>
<id>urn:sha1:6765fcec154b1c81250c124fcb46414dcac9be12</id>
<content type='text'>
(From OE-Core rev: 4651afdd457eca06da07331186bf28b98df2eeff)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Disable LeakSanitizer when running API tests</title>
<updated>2017-06-23T10:44:13+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2017-06-14T12:34:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=89531a512f012dfb1b77bdeca500d80228c9fc02'/>
<id>urn:sha1:89531a512f012dfb1b77bdeca500d80228c9fc02</id>
<content type='text'>
Makefile.am: Disable LeakSanitizer when running API tests

The autogenerated API tests leak memory.

Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a]
(From OE-Core rev: e3985be0ddb40e8db44422092c875a4e373a6da3)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: Make ptest run the Python tests if Python support is enabled</title>
<updated>2017-06-12T22:01:22+00:00</updated>
<author>
<name>Peter Kjellerstedt</name>
<email>peter.kjellerstedt@axis.com</email>
</author>
<published>2017-06-09T19:34:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=4495e78917be867413c324b89a58facbeacb7eb8'/>
<id>urn:sha1:4495e78917be867413c324b89a58facbeacb7eb8</id>
<content type='text'>
Since we go through the trouble of copying the Python tests, we may as
well actually run them...

This also avoids the following QA issue:

  ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue:
  /usr/lib/libxml2/ptest/python/tests/push.py contained in package
  libxml2-ptest requires /usr/bin/python, but no providers found in
  RDEPENDS_libxml2-ptest? [file-rdeps]

(From OE-Core rev: 65bc9fac6dc6ba5252bf105659724c768d65f9d9)

Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: CVE-2016-9318</title>
<updated>2017-04-29T10:17:23+00:00</updated>
<author>
<name>Catalin Enache</name>
<email>catalin.enache@windriver.com</email>
</author>
<published>2017-04-14T08:43:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d7ec005904b456c62a226efd5c6931e81459052a'/>
<id>urn:sha1:d7ec005904b456c62a226efd5c6931e81459052a</id>
<content type='text'>
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0

(From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979)

Signed-off-by: Catalin Enache &lt;catalin.enache@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
