linux/poky.git/meta/recipes-core/libxml, branch nanbield Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=nanbield 2024-03-16T18:33:21+00:00 libxml2: upgrade to 2.11.7 2024-03-16T18:33:21+00:00 Lee Chee Yang chee.yang.lee@intel.com 2024-03-11T08:39:48+00:00 urn:sha1:0d4b501890fbc72118f2f8d31b4c10148be4db8c libxml2 2.11.7 Security [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking libxml2 2.11.6 Regressions threads: Fix --with-thread-alloc xinclude: Fix 'last' pointer in xmlXIncludeCopyNode Bug fixes parser: Fix potential use-after-free in xmlParseCharDataInternal (From OE-Core rev: a0d164d7705034b2c351c518cebad8811ed5026f) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> libxml2: ignore disputed CVE-2023-45322 2023-11-03T13:49:23+00:00 Ross Burton ross.burton@arm.com 2023-11-03T13:28:06+00:00 urn:sha1:0542c12e893d774f33feb776aea7a6aa6746960c This CVE is a use-after-free which theoretically can be an exploit vector, but this UAF only occurs when malloc() fails. As it's unlikely that the user can orchestrate malloc() failures at just the place to break on _this_ malloc and not others it is disputed that this is actually a security issue. The underlying bug has been fixed, and will be incorporated into the next release. (From OE-Core rev: 8c70e7cecb1beb30a5be4ea9bbc89c2f2e11853b) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: upgrade 2.11.4 -> 2.11.5 2023-09-02T17:23:05+00:00 Wang Mingyu wangmy@fujitsu.com 2023-08-31T02:35:34+00:00 urn:sha1:c80bd5be88b2934d29d37f21a6100cb18faa9127 Changelog: ========== ### Regressions --------------- - parser: Make xmlSwitchEncoding always skip the BOM - autotools: Improve iconv check ### Bug fixes -------------- - valid: Fix c1->parent pointer in xmlCopyDocElementContent - encoding: Always call ucnv_convertEx with flush set to false ### Portability --------------- - autotools: fix Python module file ext for cygwin/msys2 ### Tests ---------- - runtest: Fix compilation without LIBXML_HTML_ENABLED (From OE-Core rev: 9e1bcaac1da6907d6664c5628e7c6196cfa5fcc7) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS 2023-07-21T10:52:26+00:00 Andrej Valek andrej.valek@siemens.com 2023-07-20T07:19:50+00:00 urn:sha1:c15e506a4674e558922c5a75512ca2b5c296cd44 - Try to add convert and apply statuses for old CVEs - Drop some obsolete ignores, while they are not relevant for current version (From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Reviewed-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: update 2.10.4 -> 2.11.4 2023-06-27T15:23:40+00:00 Alexander Kanavin alex.kanavin@gmail.com 2023-06-25T21:22:22+00:00 urn:sha1:4bd6fb3488909357ba04cb52a41d3d61086efed3 Drop backports. Drop libxml-64bit.patch (no longer necessary). (From OE-Core rev: 24860598ba8557ea3a145f249938ea411f1ef1d8) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: Do not use lld linker when building with tests on rv64 2023-06-19T12:18:56+00:00 Khem Raj raj.khem@gmail.com 2023-06-16T08:31:08+00:00 urn:sha1:0344ed776e7127bcb913387a50c7ccfaf173efa9 lld ends up with errors on some tests | riscv64-yoe-linux-ld.lld: error: section size decrease is too large Therefore do not use lld when building ptests (From OE-Core rev: 154e81bb6b05b23c0c673b431cb7cee868421335) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: upgrade 2.10.3 -> 2.10.4 2023-04-20T10:56:06+00:00 Wang Mingyu wangmy@fujitsu.com 2023-04-17T08:04:29+00:00 urn:sha1:f3f38e2c80c0575abf4bbda2895d5c1a07386bfe Changelog: ========== ### Security - [CVE-2023-29469] Hashing of empty dict strings isn't deterministic - [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK ### Regressions - SAX2: Ignore namespaces in HTML documents - io: Fix "buffer full" error with certain buffer sizes (From OE-Core rev: 9ddbbf2f86f046784c3baa58de5606a73e9e24f4) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: Disable icu tests on musl 2023-04-20T10:56:06+00:00 Khem Raj raj.khem@gmail.com 2023-04-17T06:04:33+00:00 urn:sha1:77b5567f18482020f23a91afe52a4cd884123bbe these tests do not work with musl's iconv implementation and would need enabling icu support using --with-icu which we do not enable by default Additionally enable locale with musl too. (From OE-Core rev: 03980db15fa1de2f970705364c2316f17428a3aa) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: upgrade test data from 20080827 to 20130923 2022-12-26T18:49:07+00:00 Martin Jansa Martin.Jansa@gmail.com 2022-12-24T08:30:05+00:00 urn:sha1:51434c67173e94c56e598c5f3e38d2c6a4f92ca5 * and switch from tar.gz to tar, because the tar.gz archives upstream are regular tar as well now https://www.w3.org/XML/Test/ still has 3 separate URLs for .zip, .tar and .tar.gz, but both tar links return the same file: xmlts20130923.tar: POSIX tar archive (GNU) xmlts20130923.tar.gz: POSIX tar archive (GNU) xmlts20130923.zip: Zip archive data, at least v1.0 to extract, compression method=store -rw-r--r-- 1 martin martin 5.7M Sep 23 2013 xmlts20130923.tar -rw-r--r-- 1 martin martin 5.7M Sep 23 2013 xmlts20130923.tar.gz -rw-r--r-- 1 martin martin 1.6M Sep 23 2013 xmlts20130923.zip c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273 xmlts20130923.tar c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273 xmlts20130923.tar.gz f9510b3532926e1b4c2e54855b021e4b8a66ec98a5337dcf4ff07e8a41968deb xmlts20130923.zip (From OE-Core rev: 0ee43418ce37e52f1886b85ff2c7d8cdff9f2039) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: add more testing 2022-12-09T13:18:41+00:00 Ross Burton ross.burton@arm.com 2022-12-08T12:10:39+00:00 urn:sha1:4ea8874a957aab419adea4291ed3e75c04f3ddec Backport more test cases fixes from upstream, and add runsuite to the ptests. (From OE-Core rev: a6de5fa28fc90e0184d3d86822d06de5d93bbc44) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>