summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml/libxml2
Commit message (Collapse)AuthorAgeFilesLines
* libxml2: fix CVE-2015-7942 and CVE-2015-8035Armin Kuster2016-01-152-0/+96
| | | | | | | | | | | | | | | | CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] (From OE-Core master rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38) (From OE-Core rev: fdaf0f8f8b034f19639f66e1d30088bb9abfc68d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Security Advisory - libxml2 - CVE-2015-1819Yue Tao2015-06-281-0/+181
| | | | | | | | | | | | | for CVE-2015-1819 Enforce the reader to run in constant memory (From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7) (From OE-Core rev: d1288821b709f47f48bbdb6764f1a35bf2589de7) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: remove libxml2-CVE-2014-3660.patchRobert Yang2015-06-281-147/+0
| | | | | | | | | | | It is a backport patch, and verified that the patch is in the source. (From OE-Core rev: 9a3178b4d3c454e76a0af59afc7b326589c4c666) (From OE-Core rev: 9834785d0b4ee1759d6a469c585a566652cbc38a) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Backport fix for CVE introduced entity issuesRichard Purdie2015-01-151-0/+30
| | | | | | | | | | | | The CVE fix introduced problems with entity issues, we observed this when building the Yocto Docs in particular. Backport the fix from upstream so we can build our docs correctly. [YOCTO #7134] (From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade to 2.9.2Hongxu Jia2014-12-252-4/+58
| | | | | | | | | | | | | | | | | | - Rebase python-sitepackages-dir.patch to 2.9.2 - Drop libxml2-CVE-2014-3660.patch which has been merged to 2.9.2. - Add configure.ac-fix-cross-compiling-warning.patch to fix cross compilation failure. - Tweak do_configure_prepend, use configure.ac to instead of configure.in - Add cmake files to ${PN}-dev (From OE-Core rev: 06f555fa5a36dbf63b26c3734dbbd0b5af16dc33) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2014-3660Joe MacDonald2014-10-241-0/+147
| | | | | | | | | | | | | | | | | | It was discovered that the patch for CVE-2014-0191 for libxml2 is incomplete. It is still possible to have libxml2 incorrectly perform entity substituton even when the application using libxml2 explicitly disables the feature. This can allow a remote denial-of-service attack on systems with libxml2 prior to 2.9.2. References: http://www.openwall.com/lists/oss-security/2014/10/17/7 https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html (From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f) Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: port AM_PATH_XML2 to use pkg-configRoss Burton2014-08-151-0/+204
| | | | | | | | | | Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to use pkg-config. (From OE-Core rev: 3ea77e69a839572a948ff6f1e51d3ca789ad8eed) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix python packaging for nativesdkPaul Eggleton2014-06-061-0/+21
| | | | | | | | | | | | | | | We enable the python module in nativesdk-libxml2, but the python binary used is in the native sysroot and thus you get the module installed in the wrong path. Even with that fixed the python files are still unpackaged, so create an ${PN}-python package and add them to it. (This does not affect the libxml target build at all since python is disabled for that.) (From OE-Core rev: e3d06aa104065748367e1479138f824da5d9951f) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2014-0191Maxin B. John2014-05-081-0/+37
| | | | | | | | | | | | | | | | | It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. Reference: https://access.redhat.com/security/cve/CVE-2014-0191 (From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: remove patch for CVE-2012-2871Ross Burton2013-09-171-34/+0
| | | | | | | | | | | This CVE patch is actually against Chromium as they ship an internal fork of libxml2 and breaks ABI. The real issue has been resolved in libxslt 1.1.27, and we're shipping 1.1.28. (From OE-Core rev: e6c60252ab4ba6842f63c6b8a519a85f2ff238fb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Upstream-Status: Correct capitalizationSaul Wold2013-07-181-1/+1
| | | | | | | (From OE-Core rev: 2d5c457bf888771891e9c29e82ec5a5cecace528) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Add ptestMihaela Sendrea2013-07-102-0/+823
| | | | | | | | | | Install libxml2 test suite and run it as ptest. (From OE-Core rev: 22cf4cc85fbe21a53ca4684b0b06b9af20b2ecc5) Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2 CVE-2012-2871Li Wang2012-12-171-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | the patch come from: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ /include/libxml/tree.h?r1=56276&r2=149930 libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 [YOCTO #3580] [ CQID: WIND00376779 ] Upstream-Status: Pending (From OE-Core rev: bc601f96f34ad17a87f599b58e502ec1b2c13fa3) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix libzypp ansidecl related build failuresRichard Purdie2012-07-101-0/+25
| | | | | | | | | | | | | | | cmake looks at all include statements, even if they're not used. To make builds deterministic and avoid needing to add binutils as a dependency for libzypp, completely remove the include from the header file, even if it is never used. This avoids issues where you'd build binutils, then libzypp, then remove binutils (and hence ansidecl.h) and then recompile libzypp which would still have the dependency and hence fail. (From OE-Core rev: bfaaeb44c5023e2d2a9414c07694c75fa527283b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Update to 2.8.0Saul Wold2012-06-252-46/+0
| | | | | | | | | | removed 2 patches that are now fixed upstream updated hash.c LIC_FILES_CHKSUM due to updating the date to 2012 (From OE-Core rev: b13b2894217ba085931b2a0410b7715d7fa13868) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix build with automake 1.12Nitin A Kamble2012-05-251-0/+23
| | | | | | | (From OE-Core rev: b126d638b7da9cc9e3c7f164e6dca3a1fce5c4ce) Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: add shared library version info to libxml shared librariesMatthew McClintock2012-01-101-0/+23
| | | | | | | | | | | | | | | | | This fixes an issue with RPM where it checks version imformation for binaries linked against libxml and fails because it's missing info | error: Failed dependencies: | libxml2.so.2(LIBXML2_2.6.0) is needed by fmc-0.9.7+2-r2.1.ppce500mc | libxml2.so.2(LIBXML2_2.4.30) is needed by fmc-0.9.7+2-r2.1.ppce500mc | ERROR: Function 'do_rootfs' failed (see Note: fmc is just an example recipe/name (From OE-Core rev: d1f1fec5c6fe980aaf2c1f1dc2a0e737f4adf2dd) Signed-off-by: Matthew McClintock <msm@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade to version 2.7.8Qing He2011-04-181-0/+2
| | | | | | | | | | | | [YOCTO #978] from 2.7.7 fixes CVE-2010-4008 (From OE-Core rev: cd13726f1eb1f77f55cf202830d6bf13b47b0860) Signed-off-by: Qing He <qing.he@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Major layout change to the packages directoryRichard Purdie2010-08-271-0/+20
Having one monolithic packages directory makes it hard to find things and is generally overwhelming. This commit splits it into several logical sections roughly based on function, recipes.txt gives more information about the classifications used. The opportunity is also used to switch from "packages" to "recipes" as used in OpenEmbedded as the term "packages" can be confusing to people and has many different meanings. Not all recipes have been classified yet, this is just a first pass at separating things out. Some packages are moved to meta-extras as they're no longer actively used or maintained. Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>